[Mimedefang] To stop spam checking of Internal mail

Troy R. LeBouef troy at lebouef.com
Thu Jul 24 20:49:00 EDT 2003 

How do you get this subroutine to run in mimedefang.filter ? Where do
you insert it ? Or how do you get it to call it ?

-----Original Message-----
From: Mathew Thomas [mailto:mathew.thomas at rmit.edu.au] 
Sent: Friday, July 18, 2003 12:34 AM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] To stop spam checking of Internal mail


Thank you all for the script and it is working fine. This script will
not do any filtering if the mail is from trusted domain. I have also
looked at similar script which uses same method to check IP and if the
IP is from the trusted network, it will not do SpamAssassin check.

use Socket;

sub relayIsTrusted($) {

  my ($address) = @_;
  
  my %trustedSubnets = (
  
    '127.0.0.1'       => '255.255.255.255',
    '204.182.112.64'  => '255.255.255.224',
    '64.38.151.160'   => '255.255.255.224'  
    
  );
  
  my $trustedRelay = 0;
  
  my $addr = inet_aton $address;
  while (my ($networkString, $netmaskString) = each %trustedSubnets) {
    my $network = inet_aton $networkString;
    my $netmask = inet_aton $netmaskString;
    if (($addr & $netmask) eq $network) { $trustedRelay = 1; last; }
  }
  
  return $trustedRelay;
  
}

Mathew
RMIT University
Australia

>>> qralston+ml.mimedefang at andrew.cmu.edu 17/07/03 8:14:53 >>>
On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail"
<kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {

No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack.  ;)

It's better to do something like this:

    use Socket;

    sub filter_relay ($$$) {

        my ($hostip, $hostname, $helo) = @_;

        my $addr = '';
        my $network_string = '';
        my $mask_string = '';

        # List networks that should be exempt from all filtering by
        # putting their network/mask pairs into the exempt_subnets
        # associative array.  (Follow the example for the loopback.)

        my %exempt_subnets = (
            '127.0.0.0',    '255.0.0.0',            # loopback
        );

        # If the address of the connecting client falls within one of
        # the subnets defined by %exempt_subnets, then bypass all
        # further filtering.

        $addr = inet_aton $hostip;
        while (($network_string, $mask_string) = each %exempt_subnets) {
            my $network = inet_aton $network_string;
            my $mask = inet_aton $mask_string;
            if (($addr & $mask) eq $network) {
                return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
            }
        }

        # The client isn't in an exempt subnet; filtering should
        # continue.
        return ('CONTINUE', 'ok');

    }

This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes.  (It's
probably faster than using regexes as well, but I haven't tested
that.)

-- 
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com 
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list