RBL operator missing IP validation and potential goroutine leak

[jptosso]

Description:

In internal/operators/rbl.go:56-104:

1. Goroutine leak on timeout (confirmed): When the 500ms time.After timeout fires, Evaluate() returns and defer cancel() cancels the context. The goroutine's DNS call (LookupHost) returns an error due to context cancellation and then tries to send false on the unbuffered resC channel (line 74). Since the main function already exited the select, nobody is receiving — the goroutine blocks forever on the channel send and never reaches defer close(resC). This leaks one goroutine per timed-out RBL lookup.

2. No IP validation (low risk): ipAddr is directly interpolated into a DNS query via fmt.Sprintf("%s.%s", ipAddr, o.service) with a TODO validate address at line 57. In practice the operator is typically used with REMOTE_ADDR which is always a valid IP from the network stack, so the risk is limited to wasted DNS lookups on malformed input.

Steps:

• Make resC buffered: make(chan bool, 1) so the goroutine can complete its send and exit cleanly even when the main function has already returned from the select
• Optionally validate ipAddr with net.ParseIP() and return false early if invalid

Files: internal/operators/rbl.go