[Mimedefang] Re: how to undo Verisigns mess

John Rowan Littell littejo at earlham.edu
Tue Sep 16 15:38:01 EDT 2003



Lo, Jeremy Mates and the coffee pot sang in unison:

> * John Rowan Littell <littejo at earlham.edu>
> > Lo, Jeremy Mates and the coffee pot sang in unison:
>
> Tea pot.  Coffee smells good, but otherwise wires my nervous system.

Mmm, yes.  I'm drinking tea these days, but still quoting in coffee.
Must be something there.

> > ($domain, $tld) = $address =~ /<?( [\w-]+ (\.\w+) )>?$/x;
>
> The leading <? should not be needed, as we are working against the right
> hand side of the address string (post @ stuff).

Sure enough.  Thinking about this solution, I find it's only going
to work until Verisign puts in multiple A records for the wildcards.
Below is an updated complete snippet with changes so far that now
grabs all the A records for the domain and the wildcard and checks
them until it finds a match (or until there's no match).

I've been using the single A record check on my main mail server for
the last two and a half hours and caught 12 messages so far; all of
them, on inspection, obviously spam and obviously faked domains.


###########################################
use Net::DNS;
my $resolver;			# Net::DNS resolver object, created on first use

# Returns 1 if the sender's domain resolves to one of the A records
# served by the TLD wildcard (e.g. "*.com"), 0 otherwise.
sub domain_is_wildcard($) {
	my ($address) = $_[0];
	my ($tld, $domain, $wildcard);
	my ($query, @domain_ip, @wildcard_ip, $match);

	if (!defined $resolver) {
		$resolver = Net::DNS::Resolver->new;
	}

	# Capture the last two labels ("example.com") and the TLD (".com"),
	# allowing for a trailing ">" on the address.
	($domain, $tld) = $address =~ /( [\w-]+ (\.\w+) )>?$/x;
	return 0 if (!defined $domain || !defined $tld);
	$wildcard = "*$tld";

	# Collect every A record for the domain and for the wildcard.
	@domain_ip = @wildcard_ip = ();
	$query = $resolver->query ($domain, "A");
	if ($query) {
		foreach my $rr ($query->answer) {
			next unless $rr->type eq "A";
			push @domain_ip, $rr->address;
		}
	}
	$query = $resolver->query ($wildcard, "A");
	if ($query) {
		foreach my $rr ($query->answer) {
			next unless $rr->type eq "A";
			push @wildcard_ip, $rr->address;
		}
	}

	# Compare each domain address with each wildcard address and
	# stop at the first match.
	$match = 0;
	for (my $i = 0; $i <= $#domain_ip && !$match; $i++) {
		for (my $j = 0; $j <= $#wildcard_ip && !$match; $j++) {
			($domain_ip[$i] eq $wildcard_ip[$j]) && ($match = 1);
		}
	}

	return ($match);
}
###########################################

  --rowan

-- 
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2003-09-16 14:31
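
An added example, not part of the original post or of MIMEDefang: the same comparison of a sender domain's A records against the TLD wildcard's A records, with the wildcard answer cached per TLD and the DNS lookup passed in as a callback so it runs offline. The names `sender_domain_is_wildcard`, `wildcard_set` and `lookup_sample`, the 300-second cache lifetime and the sample records are assumptions made for this example.

```perl
use strict;
use warnings;

# Constructed sample data standing in for live DNS answers (documentation
# address ranges, not real records). "*.com" has two A records.
my %SAMPLE_A = (
    '*.com'            => ['192.0.2.10', '192.0.2.11'],
    'unregistered.com' => ['192.0.2.11'],       # answered by the wildcard
    'registered.com'   => ['198.51.100.25'],
    'registered.org'   => ['198.51.100.40'],    # "*.org" has no A records
);
my $CACHE_SECONDS = 300;    # assumed cache lifetime, not from the post
my %wildcard_cache;         # ".tld" => { ips => {ip => 1}, expires => epoch }

# Hypothetical lookup callback: returns the A record addresses for a name.
sub lookup_sample {
    my ($name) = @_;
    return @{ $SAMPLE_A{ lc($name) } || [] };
}

# Return the wildcard's addresses for a TLD as a hash set, querying at most
# once per $CACHE_SECONDS because the answer is the same for every sender.
sub wildcard_set {
    my ($tld, $lookup, $now) = @_;
    my $hit = $wildcard_cache{$tld};
    return $hit->{ips} if $hit && $hit->{expires} > $now;
    my %ips = map { ($_ => 1) } $lookup->("*$tld");
    $wildcard_cache{$tld} = { ips => \%ips, expires => $now + $CACHE_SECONDS };
    return \%ips;
}

# True (1) if any A record of the sender's domain is also a wildcard A record.
sub sender_domain_is_wildcard {
    my ($address, $lookup, $now) = @_;
    my ($domain, $tld) = $address =~ /( [\w-]+ (\.\w+) )>?$/x;
    return 0 if !defined $domain || !defined $tld;
    my $wild = wildcard_set(lc($tld), $lookup, $now);
    return 0 unless %$wild;                 # TLD has no wildcard at all
    my $shared = grep { $wild->{$_} } $lookup->($domain);
    return $shared ? 1 : 0;
}

for my $sender ('<spam@unregistered.com>', '<user@registered.com>',
                'user@registered.org', 'no-domain-here') {
    my $hit = sender_domain_is_wildcard($sender, \&lookup_sample, time);
    printf "%-26s %s\n", $sender, $hit ? 'wildcard' : 'ok';
}
```

To use it against live DNS, pass a callback that wraps the Net::DNS query from the post and returns the addresses of the A records in the answer.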



