RE: RCVD_ILLEGAL_IP question(s) - SpamAssassin

This is a discussion on RE: RCVD_ILLEGAL_IP question(s) - SpamAssassin ; Brian Martinez wrote: > > I'm guessing the IP address in question is: 1.226.208.65 > > While it certainly is not within a range I see all that often, I am > assured by our hostmaster that it is legit. ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: RE: RCVD_ILLEGAL_IP question(s)

  1. RE: RCVD_ILLEGAL_IP question(s)

    Brian Martinez wrote:
    >
    > I'm guessing the IP address in question is: 1.226.208.65
    >
    > While it certainly is not within a range I see all that often, I am
    > assured by our hostmaster that it is legit. Another one I've seen is
    > 1.226.208.61


    As far as I can tell, that IP address is invalid. It is listed by IANA
    as "unallocated". If you are using this IP block internally, you will
    need to edit the function to allow it.

    Try this modification to the function:

    return 1 if ($check =~ /^
    (?:[0257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\
    ..\d+
    $/x);

    I removed the '1' in the first character class in the regex. This will
    prevent the regex from matching on 1.x.x.x addresses.

    Keep in mind that you will most likely have to modify this function each
    time you update SpamAssassin.

    --
    Bowie


  2. Re: RCVD_ILLEGAL_IP question(s)

    From: "Bowie Bailey"
    Sent: Wednesday, 2008, August 13 12:58


    > Brian Martinez wrote:
    >>
    >> I'm guessing the IP address in question is: 1.226.208.65
    >>
    >> While it certainly is not within a range I see all that often, I am
    >> assured by our hostmaster that it is legit. Another one I've seen is
    >> 1.226.208.61

    >
    > As far as I can tell, that IP address is invalid. It is listed by IANA
    > as "unallocated". If you are using this IP block internally, you will
    > need to edit the function to allow it.
    >
    > Try this modification to the function:
    >
    > return 1 if ($check =~ /^
    > (?:[0257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\
    > .\d+
    > $/x);
    >
    > I removed the '1' in the first character class in the regex. This will
    > prevent the regex from matching on 1.x.x.x addresses.
    >
    > Keep in mind that you will most likely have to modify this function each
    > time you update SpamAssassin.


    It sure as heck is invalid:

    [root@thing ~]# whois 1.226.208.65
    [Querying whois.arin.net]
    [whois.arin.net]

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 1.0.0.0 - 1.255.255.255
    CIDR: 1.0.0.0/8
    NetName: RESERVED-9
    NetHandle: NET-1-0-0-0-1
    Parent:
    NetType: IANA Reserved
    Comment:
    RegDate:
    Updated: 2002-09-12

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org


    What the heck is Consumers Energy doing using a reserved IP address?

    Either they are illegally configured into the Internet or IANA MUST
    update their whois listing for that address and netblock now that it is
    being used.

    {^_^}

    {^_^}


  3. Re: RCVD_ILLEGAL_IP question(s)

    At 14:37 13-08-2008, jdow wrote:
    >What the heck is Consumers Energy doing using a reserved IP address?


    They are not the only ones using these IP addresses for internal
    use. It will be interesting to see what happens when these IP
    addresses are assigned.

    Regards,
    -sm


  4. Re: RCVD_ILLEGAL_IP question(s)

    On Wed, Aug 13, 2008 at 03:33:56PM -0700, SM wrote:
    > They are not the only ones using these IP addresses for internal
    > use. It will be interesting to see what happens when these IP
    > addresses are assigned.


    Reminds me of a time where I ran into a company who internally were
    using long-time public address space from a different company. They were
    surprised when they couldn't get to http://www.hp.com/. Oops.

    --
    Randomly Selected Tagline:
    Do not underestimate the value of print statements for debugging.
    Don't have aesthetic convulsions when using them, either.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.8 (GNU/Linux)

    iD8DBQFIo2ktRnAwoQckjjoRArD3AKCjadvYSMAGetvAXd3m8O aSp3gSDQCeKsIG
    H+NB2PxeML//OhZ5hSsnND8=
    =Yfks
    -----END PGP SIGNATURE-----


  5. Re: RCVD_ILLEGAL_IP question(s)

    On Wed, 13 Aug 2008, Theo Van Dinter wrote:

    > On Wed, Aug 13, 2008 at 03:33:56PM -0700, SM wrote:
    >> They are not the only ones using these IP addresses for internal
    >> use. It will be interesting to see what happens when these IP
    >> addresses are assigned.

    >
    > Reminds me of a time where I ran into a company who internally were
    > using long-time public address space from a different company. They
    > were surprised when they couldn't get to http://www.hp.com/. Oops.


    Sherman, set the wayback machine for 1988 - setting up my first LAN with
    SCO Xenix.

    Execlan's documentation used *their own* registered public IP network for
    configuration examples. We hadn't heard about RFC-1918 yet, so we just
    followed the directions.

    Ah, the fun we had with that.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Public Education: the bureaucratic process of replacing
    an empty mind with a closed one. -- Thorax
    -----------------------------------------------------------------------
    2 days until the 63rd anniversary of the end of World War II


+ Reply to Thread