From: Chris N. <ch...@in...> - 2005-10-25 21:13:15
I was considering upgrading to 1.1.1 (I'm still running 1.0.12) and
checked the popb4smtp routine.
I noticed my "merak" version of the popb4smtp isn't in code any longer.
The only popb4smtp routine instead simply hashes for the IP address in
the DB_File.
Based on this, if your IP is 21.5.16.1; would not all addresses of:
21.5.16.100-199
121.5.16.100-199
and
221.5.16.100-199 pass the popb4smtp test and thus whitelist, etc?
I know it's only 300 addresses for each valid IP in that example, but if
you have 300 users on different networks, that's potentially 90000 open ips?
What about an 8.125.62.5 (8/8 is Level 3, btw).
That'd be 8,18,28...118,128...218,228... through .5,.50-.59.
Am I wrong here?
My original merak popb4smtp routine addressed this with crazy prebyte
and postbyte processing, but was slow (it's at the bottom). So I did
the new one.
I run Merak 6.0.5, and its popsmtp.dat file contains the IP address
along with a byte describing the entry's length.
My new PopB4SMTP can be easily modified to wrap any delimiter characters
around listed IP addresses. It's extremely fast because it slams the
whole file into an array, then joins the array into a single element,
adds the necessary identifying characters to the IP address then grabs
the index of it.
In Merak's world, I got to use the length of the IP address.
IP 12.8.99.122 is in the file as chr(11) + "12.8.99.122"
I've attached my custom Merak PopB4SMTP if anyone wants it.
Chris
The 1.1.1 PopB4SMTP routine:
sub PopB4SMTP {
    return 0 unless $PopB4SMTPFile;
    unless ($TriedDBFileUse) {
        eval 'use DB_File';
        mlog(0,"Could not load module DB_File: $@") if $@;
        $TriedDBFileUse=1;
    }
    my $ip=shift;
    my %hash;
    tie %hash, 'DB_File', $PopB4SMTPFile, O_READ, 0400, $DB_HASH;
    if($hash{$ip}) {
        return 1;
    } else {
        return 0;
    }
}
My current Merak PopB4SMTP routine:
sub PopB4SMTP {
    return 0 unless $PopB4SMTPFile;
    my $ip=shift;
    #This is a test version of ASSP PopB4SMTP
    #This is to be used with Merak 7.5.2
    #It also works with Merak 6.0.5 (which I run)
    #Thanks to Jordon for the heads up on 7.5.2
    #Basically, Merak's popsmtp file
    #is made up of 64 Byte lines, no CR / LF.
    #This holds the IP addy
    #and the byte before it specifying the length.
    my @aPB4S;
    my $PB4S;
    my $ind;
    my $newIP;
    #Load the whole file
    #In examination of Merak popb4smtp file, it appears to have
    #no carriage returns, so one line
    #read should get the whole thing
    #However, if you have an IP addy that's 13 chars long.... thus:
    open(MKPOPSMTP,"< $PopB4SMTPFile") or return 0 ;
    @aPB4S = <MKPOPSMTP>;
    close(MKPOPSMTP);
    $PB4S = join("",@aPB4S);
    #We now have all the contents of the file AND we've released it
    #Now, instead of heavy parsing....
    #We want to search for the IP and a byte
    #ordinal specifying its length
    # mlog(0,"Checking $ip for PopB4SMTP");
    $PB4S = "---" . $PB4S;
    # mlog(0,"Searching: $PB4S");
    $newIP = chr(length($ip)) . $ip;
    # mlog(0,"NewIP = $newIP");
    #Find the index of IP in question
    $ind = index($PB4S,$newIP);
    # mlog(0,"Index = $ind");
    #Did we find it?
    if ($ind > 0) {
        #Greetings program! This IO port is available
        #for communicating to your user!
        mlog(0,"PopB4SMTP OK for $ip");
        return 1;
    }
    mlog(0,"PopB4SMTP NOT OK for $ip");
    return 0;
}
The original Merak PopB4SMTP addressing the described scenario:
# Another possible PopB4SMTP implementation
# works with Merak and other text based popb4smtp files.
# -- this could be implemented more efficiently...
#sub PopB4SMTP {
#    return 0 unless $PopB4SMTPFile;
#    my $ip=shift;
#    my $ind; my $ipMatch; my $preByte; my $postByte;
#    open(MKPOPSMTP,"<$PopB4SMTPFile") or return 0 ;
#    while ($line = <MKPOPSMTP>) {
#        $ind = index($line,$ip);
#        if ($ind > 0) {
#            #find the match, and get it and the char before and after
#            #if both of those aren't a number ord("0") & ord("9") 48 - 57 then I have the whole IP [ord is same as asc]
#            #if not, this is a subset of a larger IP address and thus no good
#            #ex: 66.35.250.203 I don't want to let 66.35.250.20 or 6.35.250.203 or 6.35.250.20 you get the idea
#            $preByte = ord(substr($line, ($ind - 1), 1));
#            $postByte = ord(substr($line, ($ind + length($ip)), 1)); #0 based, so no + 1
#            if ( (($preByte < 48) || ($preByte > 57)) & (($postByte < 48) || ($postByte > 57)) ) {
#                close(MKPOPSMTP);
#                mlog(0,"PopB4SMTP OK for $ip");
#                return 1;
#            }
#        }
#    }
#    close(MKPOPSMTP);
#    mlog(0,"PopB4SMTP NOT OK for $ip");
#    return 0;
#}
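
An added example, not part of the original post and not ASSP code: it compares a plain substring search, the length-byte search described in the post, and a record-by-record exact comparison over a constructed Merak-style buffer. The NUL padding, the function names and the sample buffer are assumptions; the post gives only the 64-byte record size and the leading length byte.

```perl
use strict;
use warnings;

# Constructed sample: two 64-byte records, each a length byte followed by the
# IP text. NUL padding is an assumption; the post does not say what fills
# the rest of a record.
my $FILE = join '', map { pack('C a63', length($_), $_) }
    qw(66.35.250.203 12.8.99.122);

# Plain substring search over a text-based list: any address whose text sits
# inside a listed address is accepted.
sub match_substring {
    my ($buf, $ip) = @_;
    return index($buf, $ip) >= 0 ? 1 : 0;
}

# Length-byte search as described in the post: chr(length) . ip must appear.
# The length byte (7..15) can never be a digit or a dot, so it anchors the
# start of the entry and fixes how long the entry is.
sub match_length_prefixed {
    my ($buf, $ip) = @_;
    return index($buf, chr(length $ip) . $ip) >= 0 ? 1 : 0;
}

# Record-wise parse: walk the fixed-size records and compare whole entries,
# so the result does not depend on what the padding bytes contain.
sub match_records {
    my ($buf, $ip) = @_;
    for (my $off = 0; $off + 64 <= length $buf; $off += 64) {
        my ($len, $body) = unpack('C a63', substr($buf, $off, 64));
        next if $len < 7 || $len > 15;    # shortest and longest dotted quad
        return 1 if substr($body, 0, $len) eq $ip;
    }
    return 0;
}

# The listed addresses plus the truncated variants named in the post.
for my $ip (qw(66.35.250.203 66.35.250.20 6.35.250.203 6.35.250.20
               12.8.99.122 2.8.99.12)) {
    printf "%-15s substring=%d length-byte=%d records=%d\n", $ip,
        match_substring($FILE, $ip),
        match_length_prefixed($FILE, $ip),
        match_records($FILE, $ip);
}
```

Only the two listed addresses should be accepted by the length-byte and record-wise checks, while the substring search accepts every truncated variant.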