Understand modern 4-letters domain names

Don't trust EXTRA_HEADERS and HELO, all of this can be easily faked
Restrict sensing of 3-rd level domains to known variants

2 files changed, 61 insertions, 12 deletions

diff --git a/mail/ricochet/Makefile b/mail/ricochet/Makefile
index 0889f979a0e3..c141df7e7899 100644
--- a/mail/ricochet/Makefile
+++ b/mail/ricochet/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	ricochet
 PORTVERSION=	0.97
-PORTREVISION=   5
+PORTREVISION=   6
 CATEGORIES=	mail
 MASTER_SITES=	http://vipul.net/perl/sources/spamcontrol/ricochet/
 
@@ -21,10 +21,10 @@ RUN_DEPENDS=	${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/Mail/Internet.pm:${POR
 
 NO_BUILD=	yes
 
-post-patch:
+do-configure:
 .for file in install ricochet
-	@${PERL5} -pi -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/${file}
-	@${PERL5} -pi -e 's,%%INSTALL_DATA%%,${INSTALL_DATA},g' ${WRKSRC}/${file}
+	${PERL5} -pi -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/${file}
+	${PERL5} -pi -e 's,%%INSTALL_DATA%%,${INSTALL_DATA},g' ${WRKSRC}/${file}
 .endfor
 
 do-install:
diff --git a/mail/ricochet/files/patch-ricochet b/mail/ricochet/files/patch-ricochet
index 38ddbad7f8ba..a163df96a17c 100644
--- a/mail/ricochet/files/patch-ricochet
+++ b/mail/ricochet/files/patch-ricochet
@@ -1,6 +1,18 @@
 --- ricochet.orig	Thu Feb  8 22:23:19 2001
-+++ ricochet	Thu Mar  7 03:31:11 2002
-@@ -227,13 +227,19 @@
++++ ricochet	Sun May 19 12:24:58 2002
+@@ -128,7 +128,10 @@
+ 										 ## List of receipients at ORIG_DOMAN 
+                                          ## besides the CONTACTS.
+ 
+-    EXTRA_HEADERS     => [qw/from reply-to sender errors-to return-path/], 
++##  Anything there can be easily faked, producing lots of unwanted
++##  complaints. Better will not use it.
++##  EXTRA_HEADERS     => [qw/from reply-to sender errors-to return-path/],
++    EXTRA_HEADERS     => undef,
+                                          ## Headers to analyze besides 
+                                          ## 'Received'
+ 
+@@ -227,13 +230,19 @@
  
       
      $self->debug (0, "\nANALYZING HEADERS...\n"); 
@@ -21,7 +33,7 @@
              if ((_nslookup ($host) && ($NS = 1)) || (_mxlookup ($host) && ($MX = 1))) { 
                  $self->debug (2,"+ $host EXISTS.\n") if $NS; 
                  $self->debug (2,"+ $host HAS A MX RECORD.\n") if $MX; 
-@@ -244,6 +250,7 @@
+@@ -244,6 +253,7 @@
                  }  
              } else { $self->debug (2,"- POSSIBLY FAKED HEADER. $host DOESN'T EXIST.\n") } 
          }
@@ -29,9 +41,26 @@
      } @{$self->{EXTRA_HEADERS}}; 
  
      while ($match == 0) {
-@@ -406,8 +413,14 @@
-     my @transmit_hosts = $by =~ /($HOSTRE)/gs; 
+@@ -379,7 +389,7 @@
+ ## ---------------------------------------------------------------------------
  
+ sub authentic { 
+-    my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d])'; 
++    my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d])';
+     my $IPRE = '\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,3}';
+ 
+     my ($self, $received) = @_;
+@@ -401,13 +411,20 @@
+     
+     $received =~ /from\s(.*?)$rfc/s; my $from = " $1 "; 
+     $received =~ /by\s(.*?)$rfc/s; my $by = " $1 "; 
+-    my @orig_hosts = $from =~ /($HOSTRE)/gs; 
++
++    ## Trust only "(host.name [" part, HELO can be fake
++    my @orig_hosts = $from =~ /\([^()\[\]]*?($HOSTRE)[^()\[\]]*?\[/gs;
+     my @orig_ips = $from =~ /($IPRE)/gs; 
+     my @transmit_hosts = $by =~ /($HOSTRE)/gs; 
+-
      my @ips = $by =~ /($IPRE)/gs; 
 +
 +    my $header = $self->{MAIL}->head;
@@ -45,7 +74,7 @@
              $auth = 1;
              $self->{ORIG_HOSTS}->add ($_); 
              $self->debug (2,"+ $_ EXISTS."); 
-@@ -417,15 +430,21 @@
+@@ -417,15 +434,21 @@
      my $host; 
      grep { 
          if ($host = _ptrquery ($_)) { 
@@ -70,7 +99,7 @@
                  $auth = 1; 
                  $self->{TRANSMIT_HOSTS}->add ($_); 
                  $self->debug (2,"+ $_ EXISTS.");
-@@ -439,7 +458,13 @@
+@@ -439,7 +462,13 @@
      }
  
      unless ($self->relaxed == 1) {    
@@ -85,7 +114,7 @@
      }
      
      $self->debug (2, "+ Seems Authentic.\n"); 
-@@ -574,7 +599,8 @@
+@@ -574,7 +603,8 @@
  
  sub initialize { 
      my $self = shift; 
@@ -95,3 +124,23 @@
      Carp::croak "** Ricochet configuration file $rc doesn't exist. Aborting.\n" unless -e $rc; 
      open (RC, $rc); 
      grep { 
+@@ -758,8 +788,8 @@
+ 
+ sub _domain { 
+     my $host = shift; $host =~ y/A-Z/a-z/; my $domain = ''; 
+-    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3}\.[a-z]{2})$/;
+-    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3})$/ unless $domain;  
++    ($domain) = $host =~ /([\da-z\-]+\.(edu?|com?|net?|org?|gov?|int|ac|pp)\.[a-z]{2})$/;
++    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,4})$/ unless $domain;
+     return $domain ? $domain : undef; 
+ }
+ 
+@@ -769,7 +799,7 @@
+ ## ---------------------------------------------------------------------------
+ 
+ sub _host { 
+-    my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d]|$)'; 
++    my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d]|$)';
+     my $data = shift; 
+     my ($host) = $data =~ /($hostre)/; 
+     return $host if $host ne '';