[milters] Archive

Lists Index Date Thread Search

Article: 3849
From: Fabio Sangiovanni
Date: 2014-02-18 06:00:22 -0500
Subject: milter-link: prevent disclosure of private URIBL zone

Hi,

I've purchased milter-link and I have a problem regarding the SMTP 
response given to the client upon URIBL-related rejects.

The company I work for has a paid subscription to Spamhaus and SURBL 
data feeds. These ones come in the form of a dedicated zone to use as a 
suffix to the domains to be checked (they call it "Query Service").
E.g., let's say that the domain to be checked is dbltest.com. With the 
free Spamhaus service, one should query for the hostname 
dbltest.com.dbl.spamhaus.org. With the paid Query Service, Spamhaus 
assigns a dedicated zone, in the form:
XXXXXXXXXXXX.dbl.dq.spamhaus.net, where the Xs are an alphanumeric key 
that acts as a password to prevent other people to take advantage of the 
zone the subscriber pays for. So the queried hostname becomes 
dbltest.com.XXXXXXXXXXXX.dbl.dq.spamhaus.net.
Same applies to SURBL, which of course uses another suffix.

The suffix is a configuration parameter of milter-link; the problem is 
that when milter-link finds a match for a domain in a blacklist, it 
rejects the message disclosing the zone the domain matched against in 
the STMP response.
E.g: 5.7.1 black listed URL host dbltest.com by 
.XXXXXXXXXXXX.dbl.dq.spamhaus.net.;

This is obviously undesirable :)

Is there a way to prevent milter-link to disclose the zone? Can I 
somehow override the smtp response message for URIBL-related rejects?
I think this could be a nice feature to have out of the box.

Thanks a lot!

Fabio Sangiovanni

Lists Index Date Thread Search