[Mimedefang] To stop spam checking of Internal mail
James Ralston
qralston+ml.mimedefang at andrew.cmu.edu
Wed Jul 16 18:15:08 EDT 2003
On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail" <kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {
No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack. ;)
It's better to do something like this:
use Socket;
sub filter_relay ($$$) {
my ($hostip, $hostname, $helo) = @_;
my $addr = '';
my $network_string = '';
my $mask_string = '';
# List networks that should be exempt from all filtering by
# putting their network/mask pairs into the exempt_subnets
# associative array. (Follow the example for the loopback.)
my %exempt_subnets = (
'127.0.0.0', '255.0.0.0', # loopback
);
# If the address of the connecting client falls within one of
# the subnets defined by %exempt_subnets, then bypass all
# further filtering.
$addr = inet_aton $hostip;
while (($network_string, $mask_string) = each %exempt_subnets) {
my $network = inet_aton $network_string;
my $mask = inet_aton $mask_string;
if (($addr & $mask) eq $network) {
return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
}
}
# The client isn't in an exempt subnet; filtering should
# continue.
return ('CONTINUE', 'ok');
}
This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes. (It's
probably faster than using regexes as well, but I haven't tested
that.)
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
More information about the MIMEDefang
mailing list