[Mimedefang] To stop spam checking of Internal mail

Mathew Thomas mathew.thomas at rmit.edu.au
Fri Jul 18 02:01:02 EDT 2003 

Thank you all for the script and it is working fine. This script will not do any filtering if the mail is from trusted domain. I have also looked at similar script which uses same method to check IP and if the IP is from the trusted network, it will not do SpamAssassin check.

use Socket;

sub relayIsTrusted($) {

  my ($address) = @_;
  
  my %trustedSubnets = (
  
    '127.0.0.1'       => '255.255.255.255',
    '204.182.112.64'  => '255.255.255.224',
    '64.38.151.160'   => '255.255.255.224'  
    
  );
  
  my $trustedRelay = 0;
  
  my $addr = inet_aton $address;
  while (my ($networkString, $netmaskString) = each %trustedSubnets) {
    my $network = inet_aton $networkString;
    my $netmask = inet_aton $netmaskString;
    if (($addr & $netmask) eq $network) { $trustedRelay = 1; last; }
  }
  
  return $trustedRelay;
  
}

Mathew
RMIT University
Australia

>>> qralston+ml.mimedefang at andrew.cmu.edu 17/07/03 8:14:53 >>>
On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail" <kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {

No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack.  ;)

It's better to do something like this:

    use Socket;

    sub filter_relay ($$$) {

        my ($hostip, $hostname, $helo) = @_;

        my $addr = '';
        my $network_string = '';
        my $mask_string = '';

        # List networks that should be exempt from all filtering by
        # putting their network/mask pairs into the exempt_subnets
        # associative array.  (Follow the example for the loopback.)

        my %exempt_subnets = (
            '127.0.0.0',    '255.0.0.0',            # loopback
        );

        # If the address of the connecting client falls within one of
        # the subnets defined by %exempt_subnets, then bypass all
        # further filtering.

        $addr = inet_aton $hostip;
        while (($network_string, $mask_string) = each %exempt_subnets) {
            my $network = inet_aton $network_string;
            my $mask = inet_aton $mask_string;
            if (($addr & $mask) eq $network) {
                return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
            }
        }

        # The client isn't in an exempt subnet; filtering should
        # continue.
        return ('CONTINUE', 'ok');

    }

This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes.  (It's
probably faster than using regexes as well, but I haven't tested
that.)

-- 
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com 
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list