[Mimedefang] To stop spam checking of Internal mail

[James Ralston]

On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail" <kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {

No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack.  ;)

It's better to do something like this:

    use Socket;

    sub filter_relay ($$$) {

        my ($hostip, $hostname, $helo) = @_;

        my $addr = '';
        my $network_string = '';
        my $mask_string = '';

        # List networks that should be exempt from all filtering by
        # putting their network/mask pairs into the exempt_subnets
        # associative array.  (Follow the example for the loopback.)

        my %exempt_subnets = (
            '127.0.0.0',    '255.0.0.0',            # loopback
        );

        # If the address of the connecting client falls within one of
        # the subnets defined by %exempt_subnets, then bypass all
        # further filtering.

        $addr = inet_aton $hostip;
        while (($network_string, $mask_string) = each %exempt_subnets) {
            my $network = inet_aton $network_string;
            my $mask = inet_aton $mask_string;
            if (($addr & $mask) eq $network) {
                return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
            }
        }

        # The client isn't in an exempt subnet; filtering should
        # continue.
        return ('CONTINUE', 'ok');

    }

This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes.  (It's
probably faster than using regexes as well, but I haven't tested
that.)

-- 
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA