[Mimedefang] Re: how to undo Verisigns mess
John Rowan Littell
littejo at earlham.edu
Tue Sep 16 15:38:01 EDT 2003
Lo, Jeremy Mates and the coffee pot sang in unison:
> * John Rowan Littell <littejo at earlham.edu>
> > Lo, Jeremy Mates and the coffee pot sang in unison:
>
> Tea pot. Coffee smells good, but otherwise wires my nervous system.

Mmm, yes. I'm drinking tea these days, but still quoting in coffee.
Must be something there.

> > ($domain, $tld) = $address =~ /<?( [\w-]+ (\.\w+) )>?$/x;
>
> The leading <? should not be needed, as we are working against the right
> hand side of the address string (post @ stuff).

Sure enough. Thinking about this solution, I find it's only going
to work until Verisign puts in multiple A records for the wildcards.
Below is an updated complete snippet with changes so far that now
grabs all the A records for the domain and the wildcard and checks
them until it finds a match (or until there's no match).

I've been using the single A record check on my main mail server for
the last two and a half hours and caught 12 messages so far; all of
them, on inspection, obviously spam and obviously faked domains.
###########################################
use Net::DNS;

my $resolver;    # Net::DNS resolver object, created on first use

# Returns 1 if any A record of the address's domain is also an A record
# of the wildcard for its TLD (e.g. "*.com"), 0 otherwise.
sub domain_is_wildcard($) {
    my ($address) = $_[0];
    my ($tld, $domain, $wildcard);
    my ($query, @domain_ip, @wildcard_ip, $match);

    if (!defined $resolver) {
        $resolver = Net::DNS::Resolver->new;
    }

    # Last two labels of the address are the domain; the last one is the TLD.
    ($domain, $tld) = $address =~ /( [\w-]+ (\.\w+) )>?$/x;
    return 0 if (!defined $domain || !defined $tld);
    $wildcard = "*$tld";

    @domain_ip = @wildcard_ip = ();

    # Collect every A record for the sender's domain.
    $query = $resolver->query($domain, "A");
    if ($query) {
        foreach my $rr ($query->answer) {
            next unless $rr->type eq "A";
            push @domain_ip, $rr->address;
        }
    }

    # Collect every A record for the TLD wildcard.
    $query = $resolver->query($wildcard, "A");
    if ($query) {
        foreach my $rr ($query->answer) {
            next unless $rr->type eq "A";
            push @wildcard_ip, $rr->address;
        }
    }

    # Compare the two lists, stopping at the first address found in both.
    $match = 0;
    for (my $i = 0; $i <= $#domain_ip && !$match; $i++) {
        for (my $j = 0; $j <= $#wildcard_ip && !$match; $j++) {
            $match = 1 if $domain_ip[$i] eq $wildcard_ip[$j];
        }
    }

    return ($match);
}
###########################################
--rowan
--
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2003-09-16 14:31
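
The multi-record comparison described in the message, as an added example that is not part of the original post: it applies the same domain/TLD extraction and A-record comparison to a constructed lookup table instead of live DNS, so the case of a wildcard with several A records can be exercised offline. The names `sender_hits_wildcard` and `fake_lookup`, and every name and address in `%FAKE_DNS`, are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed DNS data standing in for live lookups (documentation address
# ranges; none of these names or addresses come from the original message).
my %FAKE_DNS = (
    '*.com'            => ['192.0.2.10', '192.0.2.11'],  # wildcard with two A records
    'example.com'      => ['198.51.100.7'],              # registered domain
    'no-such-zone.com' => ['192.0.2.11'],                # unregistered: answered by the wildcard
    'example.org'      => ['203.0.113.5'],               # TLD without a wildcard
);

# Hypothetical lookup hook: returns the list of A record addresses for a name.
sub fake_lookup {
    my ($name) = @_;
    return @{ $FAKE_DNS{lc $name} || [] };
}

# Same check as the message's domain_is_wildcard, with the lookup passed in
# as a code reference. Returns 1 if any A record of the sender's domain is
# also an A record of the TLD wildcard, 0 otherwise.
sub sender_hits_wildcard {
    my ($address, $lookup) = @_;
    my ($domain, $tld) = $address =~ /( [\w-]+ (\.\w+) )>?$/x;
    return 0 unless defined $domain && defined $tld;

    # Index the wildcard's addresses so each domain address is one hash probe.
    my %wildcard_ip = map { $_ => 1 } $lookup->("*$tld");
    return 0 unless %wildcard_ip;    # this TLD has no wildcard at all

    return (grep { $wildcard_ip{$_} } $lookup->($domain)) ? 1 : 0;
}

# Constructed sender addresses: registered, unregistered under a wildcarded
# TLD, a subdomain under a TLD with no wildcard, and one with no domain part.
for my $sender ('<a@example.com>', '<b@no-such-zone.com>',
                'c@mail.example.org', 'postmaster') {
    printf "%-24s %s\n", $sender,
        sender_hits_wildcard($sender, \&fake_lookup) ? 'wildcard' : 'ok';
}
```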