Duplicate sub domains added to rules every day

Posted: 08 Jul 2018, 17:11
by Bigwebmaster
Every day when the script looks for new domains or sub domains to add to the different rules like:

Code:

spam.scanning.rules
spam.action.rules
spamhigh.action.rules
virus.delivery.rules

There is a particular subdomain that keeps getting added every day and is causing hundreds of duplicate entries in the above files. The interesting part is it feels like there is some pattern not matching correctly. I have two domains in the following formats added:

Code:

my-domain.com
my.domain.com

The 2nd entry my.domain.com is showing hundreds of times in the rules files and every day a new set of entries gets added and I get an email like:

Code:

cPanel -> MailScanner Report
my-domain.com added to spam.scanning.rules
my-domain.com added to spam.action.rules
my-domain.com added to spamhigh.action.rules
my-domain.com added to virus.delivery.rules

That is the interesting part: the e-mail says my-domain.com keeps getting added every day to these rules, but if you look in the rules themselves it's actually my.domain.com that keeps getting added:

Code:

To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
To: *@my.domain.com    yes
...

Clearly there is a bug of some sort, hoping this can get sorted out eventually.

Re: Duplicate sub domains added to rules every day

Posted: 08 Jul 2018, 18:18
by Sarah
Usually this is caused by some problem in /etc/localdomains or /etc/secondarymx, which is where the MSFE back-end script gets the domain list. You should check these files for anything odd, any duplicate lines, blank lines, strange characters, etc.

Re: Duplicate sub domains added to rules every day

Posted: 30 Jul 2018, 17:01
by Bigwebmaster
Thanks for getting back to me, I took a look at both files and there are no duplicate lines or anything out of the ordinary. I think there is a bug.

Re: Duplicate sub domains added to rules every day

Posted: 30 Jul 2018, 18:11
by Sarah
We have had no other reports of issues with this. If you'd like us to take a look please submit a ticket on the helpdesk with access details.
https://support.configserver.com/

Re: Duplicate sub domains added to rules every day

Posted: 30 Jul 2018, 19:18
by Bigwebmaster
I actually did the work for you to find the bug. The problem is in this file:

Code:

/usr/mscpanel/msbe.pl

Line: 204, 220, 241, 262, and others. Double check all regular expressions.

There could be others. The problem is that you have statements like this:

Code:

        foreach my $domain (keys %setdomains) {
            if ($ssr[$x] !~ /\*\@$domain\s/) {next}
            my ($spam,$lspam,$hspam,$virus,$dvirus,$notused,$altemail) = split(/\:/,$setdomains{$domain});
            $ssr[$x] = "$msconfig{spam_scanning_rules_ini}\t*\@$domain\t$spam";
            delete $hitdomains{$domain};
        }

The issue here is that you are doing a regular expression match without quoting the meta characters. So when you do:

Code:

            if ($ssr[$x] !~ /\*\@$domain\s/) {next}

That will match both "my.domain.com" and "my-domain.com" because the period after the "my" is considered a meta character and periods match everything. Thus both domains are matching here when they shouldn't. So the fix is to make sure each one has its meta characters quoted via:

Code:

            my $mdomain = quotemeta($domain);

and I have verified this solved the problem:

Code:

        foreach my $domain (keys %setdomains) {
            my $mdomain = quotemeta($domain);
            if ($ssr[$x] !~ /\*\@$mdomain\s/) {next}
            my ($spam,$lspam,$hspam,$virus,$dvirus,$notused,$altemail) = split(/\:/,$setdomains{$domain});
            $ssr[$x] = "$msconfig{spam_scanning_rules_ini}\t*\@$domain\t$spam";
            delete $hitdomains{$domain};
        }

I believe there are other areas throughout these scripts where the same sort of scenarios are happening with meta characters not being escaped. For me this is the only issue I was having though, but meta characters should be escaped before trying to match which might solve other "bugs".
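
Added example, not part of the post above and not code from msbe.pl: a small Perl model of the quoted loop, run for three simulated nights with raw and with quoted domain matching. The function name `nightly_run`, the `To:`/`yes` rule fields, the fixed domain order and the append-and-report step for unmatched domains are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One nightly pass over the rules, modelled on the loop quoted above.
# $quote = 1 matches the domain literally (\Q...\E is the inline form of
# quotemeta); $quote = 0 interpolates it raw, as the original loop did.
# Assumption: domains with no matching line are appended and reported.
sub nightly_run {
    my ($quote, $rules, @domains) = @_;
    my %pending = map { $_ => 1 } @domains;
    for my $line (@$rules) {
        for my $domain (@domains) {
            my $re = $quote ? qr/\*\@\Q$domain\E\s/ : qr/\*\@$domain\s/;
            next if $line !~ $re;
            $line = "To:\t*\@$domain\tyes";   # rewrite the line in place
            delete $pending{$domain};
        }
    }
    my @added = sort keys %pending;
    push @$rules, map { "To:\t*\@$_\tyes" } @added;
    return @added;
}

# Constructed sample: both domains start with one rule each.
# keys %setdomains has no defined order; a fixed order is used here so
# the run is reproducible.
my @domains = ('my.domain.com', 'my-domain.com');

for my $quote (0, 1) {
    my @rules = map { "To:\t*\@$_\tyes" } @domains;
    printf "%s match:\n", $quote ? 'quotemeta' : 'raw';
    for my $day (1 .. 3) {
        my @added = nightly_run($quote, \@rules, @domains);
        printf "  day %d: added [%s]\n", $day, join(', ', @added);
    }
    my %count;
    $count{ (split /\t/)[1] }++ for @rules;   # tally rules per address
    printf "  %-18s %d line(s)\n", $_, $count{$_} for sort keys %count;
}
```

In the raw run the pattern built from my.domain.com also matches the my-domain.com line and rewrites it, so my-domain.com is reported as added each night while the file accumulates *@my.domain.com lines; the quoted run adds nothing.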

Re: Duplicate sub domains added to rules every day

Posted: 30 Jul 2018, 21:58
by Sarah
Thanks, we'll look into it.