Posted to commits@spamassassin.apache.org by do...@apache.org on 2005/12/09 03:29:23 UTC

svn commit: r355324 - in /spamassassin/branches/3.1/lib/Mail/SpamAssassin: Conf.pm NetSet.pm

Author: dos
Date: Thu Dec  8 18:29:21 2005
New Revision: 355324

URL: http://svn.apache.org/viewcvs?rev=355324&view=rev
Log:
bug 4672: Add syntax to exclude hosts/networks from trusted/internal networks

Modified:
    spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm
    spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm

Modified: spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewcvs/spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm?rev=355324&r1=355323&r2=355324&view=diff
==============================================================================
--- spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm Thu Dec  8 18:29:21 2005
@@ -870,11 +870,26 @@
 octets.  If a mask is not specified, and there is not trailing dot, then just
 the single IP address specified is used, as if the mask was C</32>.
 
+If a network or host address is prefaced by a C<!> the network or host will be
+excluded (or included) in a first listed match fashion.
+
 Examples:
 
     trusted_networks 192.168/16 127/8		# all in 192.168.*.* and 127.*.*.*
     trusted_networks 212.17.35.15		# just that host
     trusted_networks 127.			# all in 127.*.*.*
+
+Inclusion/Exclusion examples:
+
+    # include all of 10.0.1/24 except for 10.0.1.5
+    trusted_networks !10.0.1.5 10.0.1/24
+
+    # include all of 10.0.1/24, the !10.0.1.5 has no effect
+    trusted_networks 10.0.1/24 !10.0.1.5
+
+    # include all RFC1918 address space except subnet 172.16.3/24 but
+    # including host 172.16.3.3 within the excluded 172.16.3/24
+    trusted_networks 172.16.3.3 !172.16.3/24 172.16/12 10/8 192.168/16
 
 This operates additively, so a C<trusted_networks> line after another one
 will result in all those networks becoming trusted.  To clear out the
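Review bot: The added sentence "excluded (or included) in a first listed match fashion" does not say plainly that order decides the result, and for `trusted_networks` a misordered exclusion leaves the host trusted with no error. I would reword it to `If a network or host address is prefaced by a C<!> it is excluded. Entries are checked in the order listed and the first one that matches the address decides, so an exclusion must appear before any wider network that contains it.` The "operates additively" paragraph that follows should probably also say whether a `!` entry on a later line can override a network from an earlier line. From the lookup loop in NetSet.pm it looks like it cannot, but that depends on how the lines are appended, which is not visible here.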

Modified: spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm
URL: http://svn.apache.org/viewcvs/spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm?rev=355324&r1=355323&r2=355324&view=diff
==============================================================================
--- spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm (original)
+++ spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm Thu Dec  8 18:29:21 2005
@@ -52,6 +52,7 @@
   my $numadded = 0;
 
   foreach (@nets) {
+    my $exclude = s/^\s*!// ? 1 : 0;
     my ($ip, $bits) = m#^\s*([\d\.]+)(?:/(\d+))?\s*$#;
 
     my $err = "netset: illegal network address given: '$_'\n";
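Review bot: The substitution on the added line edits `$_` in place, so the `$err` string built two lines later reports the address without its `!`, and because `foreach (@nets)` aliases the list elements the marker is also stripped from `@nets` itself. Working on a copy avoids both: `my $spec = $_;` then `my $exclude = ($spec =~ s/^\s*!//) ? 1 : 0;`, with the following regex matched against `$spec` instead of `$_`. Whether `@nets` is a private copy of the arguments cannot be seen from the hunk, since the sub starts above it.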
@@ -74,8 +75,9 @@
     my $mask = 0xFFffFFff ^ ((2 ** (32-$bits)) - 1);
 
     push @{$self->{nets}}, {
-      mask => $mask,
-      ip   => Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask
+      mask    => $mask,
+      exclude => $exclude,
+      ip      => Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask
     };
     $numadded++;
   }
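Review bot: Nothing at this `push` detects an entry that can never take effect: the lookup returns on the first matching network, so `10.0.1/24 !10.0.1.5` stores an exclusion that is silently ignored and the host stays trusted. A check before the push that finds the first earlier entry of equal or wider mask covering the new one, and warns when its `exclude` flag differs, would surface that misconfiguration at load time. The sketch below uses plain `warn` because the file's own reporting helper is not visible in the hunk. The loop body starts and ends outside the hunk.

```perl
    my $mask = 0xFFffFFff ^ ((2 ** (32-$bits)) - 1);
    my $addr = Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask;

    # First match wins at lookup time: an earlier entry of equal or wider
    # mask that covers this one decides the result for every address in it.
    foreach my $prev (@{$self->{nets}}) {
      next unless ($prev->{mask} & $mask) == $prev->{mask};
      next unless ($addr & $prev->{mask}) == $prev->{ip};
      warn "netset: '" . ($exclude ? '!' : '') . "$ip/$bits' has no effect, " .
           "an earlier entry already covers it\n"
        if $prev->{exclude} != $exclude;
      last;
    }

    # … unchanged: push onto $self->{nets}, now with ip => $addr, then $numadded++ …
```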
@@ -97,7 +99,7 @@
 
   $ip = Mail::SpamAssassin::Util::my_inet_aton($ip);
   foreach my $net (@{$self->{nets}}) {
-    return 1 if (($ip & $net->{mask}) == $net->{ip});
+    return !$net->{exclude} if (($ip & $net->{mask}) == $net->{ip});
   }
   0;
 }
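Review bot: `return !$net->{exclude}` hands back Perl's empty-string false for an excluded match while the fall-through returns `0`, so the sub now has two different false values. `return ($net->{exclude} ? 0 : 1) if (($ip & $net->{mask}) == $net->{ip});` keeps the result to 0 or 1. The loop also deserves a comment stating the rule the whole feature rests on, e.g. `# first matching entry decides; a '!' entry means "not in this set"`. The sub begins above the hunk.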