Closed hege-li closed 5 years ago
I don't know, this could be a way for spammers to intentionally use a lot of email addresses trying to avoid detection.
Don't you think having 10-50 different emails (domains in this case) in a message is a bit suspicious?
It's common sense to not have any scenario where thousands of DNS queries might be generated. This is what SpamAssassin plugins do also.
PS. From SA 3.4.3 HashBL.pm can be used to make these email body queries directly.
Domains returned are now limited
Current code allows easy DoS-like things, since there is no limit for queries.
For example _get_domains_from_body_emails should return only max ~10 domains (if there is more, it should be random selection). Now it can return thousands for a degenerate (or even intentionally evil) message.
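The cap described above, as an added example that is not the project's own code: a hypothetical `get_domains_from_body_emails` extractor that deduplicates domains first, returns them all when there are at most `limit`, and otherwise takes a random sample so a degenerate message can never trigger more than `limit` DNS lookups. The address regex, the limit of 10 and the `degenerate_body` helper are all constructed for this example.

```python
import random
import re

# Deliberately loose address pattern, enough to pull "user@host.tld" out of
# free text. Constructed for this example; a real extractor would be stricter.
_EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Upper bound on domains (and therefore DNS queries) per message. Hypothetical
# value chosen to match the "max ~10" suggested in the thread.
MAX_DOMAINS = 10


def get_domains_from_body_emails(body, limit=MAX_DOMAINS, seed=None):
    """Return at most `limit` distinct domains from email addresses in `body`.

    Deduplicating first means a repeated address costs a single lookup. When
    more than `limit` distinct domains remain, a random sample is taken rather
    than the first `limit`, so a sender cannot choose which domains escape the
    lookup simply by ordering them. `seed` exists only to make tests repeatable.
    """
    seen_set = set()
    ordered = []  # preserve first-seen order for the common, small case
    for match in _EMAIL_RE.finditer(body):
        domain = match.group(1).lower()
        if domain not in seen_set:
            seen_set.add(domain)
            ordered.append(domain)
    if len(ordered) <= limit:
        return ordered
    rng = random.Random(seed)
    return rng.sample(ordered, limit)


def degenerate_body(n):
    """Constructed test input: a message carrying `n` addresses on `n` domains."""
    return " ".join(f"user{i}@host{i}.example" for i in range(n))


if __name__ == "__main__":
    normal = "Contact alice@example.org or bob@Example.ORG, cc carol@mail.example.net"
    print(get_domains_from_body_emails(normal))
    # Thousands of distinct domains, but still only MAX_DOMAINS lookups.
    print(len(get_domains_from_body_emails(degenerate_body(5000))))
```

Because the sample is drawn from the deduplicated set, the bound holds both for a message that repeats one address thousands of times and for one that cites thousands of distinct domains; the cost of the scan itself is linear in the body size, which is already bounded by the message size limit.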