Duplicate sub domains added to rules every day

Discuss our MailScanner install script and MailScanner itself
6 posts Page 1 of 1
Bigwebmaster
Junior Member
Posts: 4
Joined: 06 Feb 2015, 17:41


Every day when the script looks for new domains or sub domains to add to the different rules like:
Code:
spam.scanning.rules
spam.action.rules
spamhigh.action.rules
virus.delivery.rules
There is a particular subdomain that keeps getting added every day and is causing hundreds of duplicate entries in the above files. The interesting part is it feels like there is some pattern not matching correctly. I have two domains in the following formats added:
Code:
my-domain.com
my.domain.com
The 2nd entry my.domain.com is showing hundreds of times in the rules files and every day a new set of entries gets added and I get an email like:
Code:
cPanel -> MailScanner Report
my-domain.com added to spam.scanning.rules
my-domain.com added to spam.action.rules
my-domain.com added to spamhigh.action.rules
my-domain.com added to virus.delivery.rules
That is the interesting part, the e-mail says my-domain.com keeps getting added every day to these rules, but if you look in the rules themselves it's actually my.domain.com that keeps getting added:
Code:
To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
...
Clearly there is a bug of some sort, hoping this can get sorted out eventually.
Sarah
Moderator
Posts: 787
Joined: 09 Dec 2006, 22:49


Usually this is caused by some problem in /etc/localdomains or /etc/secondarymx, which is where the MSFE back-end script gets the domain list. You should check these files for anything odd, any duplicate lines, blank lines, strange characters, etc.
Bigwebmaster
Junior Member
Posts: 4
Joined: 06 Feb 2015, 17:41


Thanks for getting back to me, I took a look at both files and there are no duplicate lines or anything out of the ordinary. I think there is a bug.
Sarah
Moderator
Posts: 787
Joined: 09 Dec 2006, 22:49


We have had no other reports of issues with this. If you'd like us to take a look please submit a ticket on the helpdesk with access details.
https://support.configserver.com/
Bigwebmaster
Junior Member
Posts: 4
Joined: 06 Feb 2015, 17:41


I actually did the work for you to find the bug. The problem is in this file:
Code:
/usr/mscpanel/msbe.pl
Lines: 204, 220, 241, 262, and others. Double check all regular expressions.

There could be others. The problem is that you have statements like this:
Code:
        foreach my $domain (keys %setdomains) {
            if ($ssr[$x] !~ /\*\@$domain\s/) {next}
            my ($spam,$lspam,$hspam,$virus,$dvirus,$notused,$altemail) = split(/\:/,$setdomains{$domain});
            $ssr[$x] = "$msconfig{spam_scanning_rules_ini}\t*\@$domain\t$spam";
            delete $hitdomains{$domain};
        }
The issue here is that you are doing a regular expression match without quoting the meta characters. So when you do:
Code:
            if ($ssr[$x] !~ /\*\@$domain\s/) {next}
That will match both "my.domain.com" and "my-domain.com" because the period after the "my" is considered a meta character and periods match everything. Thus both domains are matching here when they shouldn't. So the fix is to make sure each one has its meta characters quoted via:
Code:
            my $mdomain = quotemeta($domain);
and I have verified this solved the problem:
Code:
        foreach my $domain (keys %setdomains) {
            my $mdomain = quotemeta($domain);
            if ($ssr[$x] !~ /\*\@$mdomain\s/) {next}
            my ($spam,$lspam,$hspam,$virus,$dvirus,$notused,$altemail) = split(/\:/,$setdomains{$domain});
            $ssr[$x] = "$msconfig{spam_scanning_rules_ini}\t*\@$domain\t$spam";
            delete $hitdomains{$domain};
        }
I believe there are other areas throughout these scripts where the same sort of scenarios are happening with meta characters not being escaped. For me this is the only issue I was having though, but meta characters should be escaped before trying to match which might solve other "bugs".
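Added example, not part of the original post and not code from msbe.pl: a simplified Perl model of the loop quoted above, run once over two constructed rule lines with the unquoted pattern and once with quotemeta. The helper names rewrite_rules and missing_domains, the fixed "To:" prefix and the "yes" value are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data, not taken from a real server or from msbe.pl.
my @domains = ('my-domain.com', 'my.domain.com');
my @rules   = ("To:\t*\@my-domain.com\tyes", "To:\t*\@my.domain.com\tyes");

# Simplified model (assumption) of the loop quoted in the post: every
# configured domain whose pattern matches a rule line rewrites that line
# with its own name. $quote selects quotemeta() or the raw domain string.
sub rewrite_rules {
    my ($quote, @lines) = @_;
    foreach my $line (@lines) {
        foreach my $domain (sort @domains) {
            my $pat = $quote ? quotemeta($domain) : $domain;
            next if $line !~ /\*\@$pat\s/;
            $line = "To:\t*\@$domain\tyes";
        }
    }
    return @lines;
}

# Configured domains that no longer have a rule line after a pass.
sub missing_domains {
    my (@lines) = @_;
    my %seen;
    foreach my $line (@lines) {
        $seen{$1} = 1 if $line =~ /\*\@(\S+)\s/;
    }
    return grep { !$seen{$_} } @domains;
}

foreach my $quote (0, 1) {
    my @after   = rewrite_rules($quote, @rules);
    my @missing = missing_domains(@after);
    my $label   = $quote ? 'with quotemeta' : 'unquoted';
    print "$label:\n";
    foreach my $line (@after) {
        (my $shown = $line) =~ s/\t/ /g;    # tabs to spaces for display
        print "  $shown\n";
    }
    print "  domains left without a line: ",
        (@missing ? "@missing" : 'none'), "\n";
}
```

In the unquoted pass both lines end up as *@my.domain.com and my-domain.com is left without a line; with quotemeta the rule lines are unchanged. Inside a pattern, \Q$domain\E has the same effect as calling quotemeta first.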
Sarah
Moderator
Posts: 787
Joined: 09 Dec 2006, 22:49


Thanks, we'll look into it.