[Mimedefang] To stop spam checking of Internal mail
Mathew Thomas
mathew.thomas at rmit.edu.au
Fri Jul 18 02:01:02 EDT 2003
Thank you all for the script; it is working fine. This script will not do any filtering if the mail is from a trusted domain. I have also looked at a similar script which uses the same method to check the IP, and if the IP is from the trusted network, it will not do the SpamAssassin check.
use Socket;

# Return 1 if $address falls inside one of the trusted subnets, else 0.
sub relayIsTrusted($) {
    my ($address) = @_;
    # network => netmask
    my %trustedSubnets = (
        '127.0.0.1'      => '255.255.255.255',
        '204.182.112.64' => '255.255.255.224',
        '64.38.151.160'  => '255.255.255.224'
    );
    my $trustedRelay = 0;
    my $addr = inet_aton $address;
    # An address that cannot be parsed is never trusted.
    return 0 unless defined $addr;
    while (my ($networkString, $netmaskString) = each %trustedSubnets) {
        my $network = inet_aton $networkString;
        my $netmask = inet_aton $netmaskString;
        # Compare the masked client address with the network address.
        if (($addr & $netmask) eq $network) { $trustedRelay = 1; last; }
    }
    return $trustedRelay;
}

Mathew
RMIT University
Australia
>>> qralston+ml.mimedefang at andrew.cmu.edu 17/07/03 8:14:53 >>>
On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail" <kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {
No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack. ;)
It's better to do something like this:
use Socket;

sub filter_relay ($$$) {
    my ($hostip, $hostname, $helo) = @_;
    my $addr = '';
    my $network_string = '';
    my $mask_string = '';

    # List networks that should be exempt from all filtering by
    # putting their network/mask pairs into the exempt_subnets
    # associative array. (Follow the example for the loopback.)
    my %exempt_subnets = (
        '127.0.0.0', '255.0.0.0', # loopback
    );

    # If the address of the connecting client falls within one of
    # the subnets defined by %exempt_subnets, then bypass all
    # further filtering.
    $addr = inet_aton $hostip;
    # An address that cannot be parsed is never exempt.
    return ('CONTINUE', 'ok') unless defined $addr;
    while (($network_string, $mask_string) = each %exempt_subnets) {
        my $network = inet_aton $network_string;
        my $mask = inet_aton $mask_string;
        if (($addr & $mask) eq $network) {
            return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
        }
    }

    # The client isn't in an exempt subnet; filtering should
    # continue.
    return ('CONTINUE', 'ok');
}

This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes. (It's
probably faster than using regexes as well, but I haven't tested
that.)
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
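
Added example, not part of either message and not code from the posters or the MIMEDefang project: the same (addr & mask) eq network test driven from a CIDR list, with the configured network masked first and the relay address accepted only as a literal dotted quad, so a hostname or a leading-zero octet never reaches the trust decision. The helper names (parse_ipv4, parse_cidr, relay_is_trusted), the CIDR notation and the sample addresses are assumptions made for illustration.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Constructed trust list in CIDR form: the two /27 blocks come from the first
# message, 10.10.10.0/24 from the quoted regex, loopback from the reply.
my @TRUSTED_CIDRS = qw(127.0.0.0/8 10.10.10.0/24 204.182.112.64/27 64.38.151.160/27);
my $OCTET = qr/(0|[1-9]\d{0,2})/;    # decimal only, no leading zeros

# Accept only a literal dotted quad, so inet_aton never does a DNS lookup
# and never reads an octet as octal.
sub parse_ipv4 {
    my ($text) = @_;
    return unless defined $text && $text =~ /^$OCTET\.$OCTET\.$OCTET\.$OCTET\z/;
    return if grep { $_ > 255 } ($1, $2, $3, $4);
    return inet_aton($text);
}

# Turn "a.b.c.d/len" into [network, mask] as packed 4-byte strings.
sub parse_cidr {
    my ($cidr) = @_;
    my ($net_text, $len) = $cidr =~ m{^([\d.]+)/(\d{1,2})\z} or die "bad CIDR: $cidr\n";
    die "bad prefix length: $cidr\n" if $len > 32;
    my $net  = parse_ipv4($net_text) // die "bad network: $cidr\n";
    my $mask = pack('N', $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0);
    # Mask the network as well: host bits left set in the configuration
    # would otherwise make "(addr & mask) eq network" never match.
    return [ $net & $mask, $mask ];
}

my @TRUSTED = map { parse_cidr($_) } @TRUSTED_CIDRS;

# Same comparison as the posted code: (addr & mask) eq network.
sub relay_is_trusted {
    my ($hostip) = @_;
    my $addr = parse_ipv4($hostip);
    return 0 unless defined $addr;    # unparseable input is never trusted
    for my $pair (@TRUSTED) {
        my ($net, $mask) = @$pair;
        return 1 if ($addr & $mask) eq $net;
    }
    return 0;
}

# Constructed relay addresses on either side of the /27 boundary.
for my $ip (qw(204.182.112.63 204.182.112.64 204.182.112.95 204.182.112.96
               10.10.10.7 010.10.10.7 127.0.0.1 mail.example.com)) {
    printf "%-18s %s\n", $ip, relay_is_trusted($ip) ? 'trusted' : 'filter';
}
```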