You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by do...@apache.org on 2005/12/09 03:29:23 UTC
svn commit: r355324 - in /spamassassin/branches/3.1/lib/Mail/SpamAssassin:
Conf.pm NetSet.pm
Author: dos
Date: Thu Dec 8 18:29:21 2005
New Revision: 355324
URL: http://svn.apache.org/viewcvs?rev=355324&view=rev
Log:
bug 4672: Add syntax to exclude hosts/networks from trusted/internal networks
Modified:
spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm
spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm
Modified: spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewcvs/spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm?rev=355324&r1=355323&r2=355324&view=diff
==============================================================================
--- spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/branches/3.1/lib/Mail/SpamAssassin/Conf.pm Thu Dec 8 18:29:21 2005
@@ -870,11 +870,26 @@
octets. If a mask is not specified, and there is not trailing dot, then just
the single IP address specified is used, as if the mask was C</32>.
+If a network or host address is prefaced by a C<!> the network or host will be
+excluded (or included) in a first listed match fashion.
+
Examples:
trusted_networks 192.168/16 127/8 # all in 192.168.*.* and 127.*.*.*
trusted_networks 212.17.35.15 # just that host
trusted_networks 127. # all in 127.*.*.*
+
+Inclusion/Exclusion examples:
+
+ # include all of 10.0.1/24 except for 10.0.1.5
+ trusted_networks !10.0.1.5 10.0.1/24
+
+ # include all of 10.0.1/24, the !10.0.1.5 has no effect
+ trusted_networks 10.0.1/24 !10.0.1.5
+
+ # include all RFC1918 address space except subnet 172.16.3/24 but
+ # including host 172.16.3.3 within the excluded 172.16.3/24
+ trusted_networks 172.16.3.3 !172.16.3/24 172.16/12 10/8 192.168/16
This operates additively, so a C<trusted_networks> line after another one
will result in all those networks becoming trusted. To clear out the
Modified: spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm
URL: http://svn.apache.org/viewcvs/spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm?rev=355324&r1=355323&r2=355324&view=diff
==============================================================================
--- spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm (original)
+++ spamassassin/branches/3.1/lib/Mail/SpamAssassin/NetSet.pm Thu Dec 8 18:29:21 2005
@@ -52,6 +52,7 @@
my $numadded = 0;
foreach (@nets) {
+ my $exclude = s/^\s*!// ? 1 : 0;
my ($ip, $bits) = m#^\s*([\d\.]+)(?:/(\d+))?\s*$#;
my $err = "netset: illegal network address given: '$_'\n";
@@ -74,8 +75,9 @@
my $mask = 0xFFffFFff ^ ((2 ** (32-$bits)) - 1);
push @{$self->{nets}}, {
- mask => $mask,
- ip => Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask
+ mask => $mask,
+ exclude => $exclude,
+ ip => Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask
};
$numadded++;
}
@@ -97,7 +99,7 @@
$ip = Mail::SpamAssassin::Util::my_inet_aton($ip);
foreach my $net (@{$self->{nets}}) {
- return 1 if (($ip & $net->{mask}) == $net->{ip});
+ return !$net->{exclude} if (($ip & $net->{mask}) == $net->{ip});
}
0;
}