Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(localhost-loop): fix outbound loop when target mx is localhost #2952

Merged
merged 6 commits into from
Sep 1, 2021
Merged

fix(localhost-loop): fix outbound loop when target mx is localhost #2952

merged 6 commits into from
Sep 1, 2021

Conversation

DoobleD
Copy link
Contributor

@DoobleD DoobleD commented Jun 15, 2021
edited
Loading

Fixes #2809

Changes proposed in this pull request:

  • keep target mx only if its IP is not a local IP

Checklist:

  • docs updated
  • tests updated
  • Changes updated

@DoobleD DoobleD changed the title fix(localhost-loop): fix outbound loop when target mx is locahost fix(localhost-loop): fix outbound loop when target mx is localhost Jun 15, 2021
baudehlo
baudehlo requested changes Jun 15, 2021
View reviewed changes
Copy link
Collaborator

@baudehlo baudehlo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would wrap this in some sort of config too, something like cfg.local_mx_ok (which will disable this check, i.e. outbound to local IPs is disabled by default, as per this patch), and add it to booleans in outbound/config.js, and don't forget the docs.

@msimerson
Copy link
Member

I'm not sure this is the right default. There are plenty of use cases where a MTA accepts mail and then delivers it to localhost on another port.

@baudehlo
Copy link
Collaborator

baudehlo commented Jun 15, 2021 via email

@DoobleD
Copy link
Contributor Author

DoobleD commented Jun 16, 2021

Thanks for the feedback. Here's an attempt at a config param as suggested.

baudehlo
baudehlo requested changes Jun 16, 2021
View reviewed changes
outbound/config.js Outdated Show resolved Hide resolved
msimerson
msimerson reviewed Jun 17, 2021
View reviewed changes
docs/Outbound.md Outdated Show resolved Hide resolved
msimerson
msimerson previously approved these changes Jun 17, 2021
View reviewed changes
Copy link
Member

@msimerson msimerson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@msimerson msimerson merged commit d1a024c into haraka:master Sep 1, 2021
analogic
analogic reviewed Sep 9, 2021
View reviewed changes
outbound/mx_lookup.js
@@ -33,8 +35,10 @@ exports.lookup_mx = function lookup_mx (domain, cb) {
}
else if (addresses && addresses.length) {
for (let i=0,l=addresses.length; i < l; i++) {
const mx = wrap_mx(addresses[i]);
mxs.push(mx);
if (obc.cfg.local_mx_ok || !net_utils.is_local_ip(addresses[i].exchange)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for being late to the party but addresses[i].exchange gives me hostname not IP

Copy link
Contributor Author

@DoobleD DoobleD Sep 15, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback @analogic.

I just tested it and you're right, I get the hostname too, whereas net_utils.is_local_ip seems to expect an ip.

The change solves #2809 anyway because (from what I understand) the issue was addressing cases where the MX record was returning a local IP (not a hostname), such as with domain yeah.com:

$ dig MX yeah.com
...
yeah.com.		534	IN	MX	1000 0.0.0.0.
...

In that case addresses = [ { exchange: '0.0.0.0', priority: 1000 } ] and the fix does work.

The fix would fail for an MX record returning a hostname resolving to a local ip. Is this a legitimate use case? If yes, perhaps we could use net_utils.get_ips_by_host [source] to resolve addresses[i].exchange to an ip? I'm wondering if this can badly impact performance though. I'm not knowledgeable enough on Haraka to evaluate this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use net.isIP to define if .exchange is an IP or not. When its not an IP, using net_utils.get_ips_by_host to resolve should be fine.

Copy link
Contributor Author

@DoobleD DoobleD Nov 28, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've made two PRs as a fix attempt:

@DoobleD DoobleD mentioned this pull request Nov 28, 2021
Merged
3 tasks
@msimerson msimerson mentioned this pull request Mar 12, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@analogic analogic analogic left review comments

@msimerson msimerson msimerson approved these changes

@baudehlo baudehlo baudehlo requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Localhost mail loop problem
4 participants
@DoobleD @msimerson @baudehlo @analogic