From b96f02cfaef5a7eef4f6decc651955405e2fe099 Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Wed, 19 Jul 2017 10:46:08 +0100
Subject: [PATCH] lists.m4, exchange.m4: Check for bogus addresses when doing DNS lookups.

Inspired by Chris Siebenmann's `How not to set up your DNS' series; see https://utcc.utoronto.ca/~cks/space/blog/__Index.
---
 exchange.m4 | 4 ++++
 lists.m4 | 14 ++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/exchange.m4 b/exchange.m4
index b4cb02b..cf2a81b 100644
--- a/exchange.m4
+++ b/exchange.m4
@@ -96,6 +96,8 @@ local:
 CONF_master_domain : \
 *.CONF_master_domain }}
 self = fail
+ same_domain_copy_routing = yes
+ ignore_target_hosts = +bogus
 transport = smtp_local
 no_more
@@ -107,6 +109,8 @@ remote:
 {false})}} \
 {}{ ! +public }}
 self = fail
+ same_domain_copy_routing = yes
+ ignore_target_hosts = +bogus_public
 transport = smtp
 no_more
diff --git a/lists.m4 b/lists.m4
index 8f12fd8..88ae8c8 100644
--- a/lists.m4
+++ b/lists.m4
@@ -43,6 +43,20 @@ hostlist allnets = <; \
 172.29.198.0/23 ; 2001:8b0:c92::/48 ; \
 2001:ba8:1d9::/48 ; 2001:470:9740::/48
+## Addresses which are likely to be bogus. These are zero, loopback,
+## multicast, broadcast (IPv4), and blocks reserved for documentation.
+hostlist bogus = <; \
+ :: ; ::1 ; ff00::/8 ; 2001:db8::/32 ; \
+ 0.0.0.0 ; 127.0.0.0/8 ; 224.0.0.0/4 ; 255.255.255.255 ; \
+ 192.0.2.0/24 ; 198.51.100.0/24 ; 203.0.113.0/24
+
+## Addresses which are likely to be bogus as public mailservers. These are
+## the generally bogus addresses, plus link-local and private use addresses.
+hostlist bogus_public = <; \
+ +bogus ; \
+ fe80::/10 ; fc00::/7 ; \
+ 169.254.0.0/16 ; 10.0.0.0/8 ; 172.16.0.0/12 ; 192.168.0.0/16
+
 ## Domains we're authoritative for.
 domainlist thishost = @ : @[] : \
 ${map {${extract {${extract {1}{.}{$primary_hostname}}} \
--
2.11.0
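Review bot: The new `ignore_target_hosts = +bogus` on the `local:` router (and `+bogus_public` on `remote:` in the second exchange.m4 hunk) combines with the existing `no_more` so that a domain whose every target address is on the list makes the router decline, routing stop, and the message bounce rather than defer; that deliberate hard-fail deserves a comment beside the new line, e.g. `# declines (and so fails, via no_more) if every target host is bogus`. The commit message does not mention `same_domain_copy_routing = yes`; a one-line comment stating why it is safe here (the routing decision depends only on the domain, not the local part) would help the next reader, in both hunks. Both router definitions begin above their hunks, so the driver line is not visible; I am assuming these are dnslookup routers, where `ignore_target_hosts` applies as described.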
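Review bot: The `bogus` hostlist lists only the single address 0.0.0.0 and omits the reserved 240.0.0.0/4 block, so an A record pointing anywhere else in 0.0.0.0/8 or into 240.0.0.0/4 still passes; I would write the second line as `0.0.0.0/8 ; 127.0.0.0/8 ; 224.0.0.0/4 ; 240.0.0.0/4 ; \` (240.0.0.0/4 already contains 255.255.255.255). IPv4-mapped IPv6 addresses (::ffff:0:0/96) are also absent, and whether Exim normalises those before matching a hostlist I cannot tell from here, so listing the block explicitly is the safe choice. For `bogus_public`, the shared address space 100.64.0.0/10 is private-use in the same sense as 10.0.0.0/8 and could join the last line. The hunk is complete in itself, but the `allnets` list it follows starts before it.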