Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/01/01 23:40:10 UTC
svn commit: r491665 - in /spamassassin/trunk: lib/Mail/SpamAssassin/Conf.pm
lib/Mail/SpamAssassin/Conf/Parser.pm lib/Mail/SpamAssassin/NetSet.pm
t/trust_path.t
Author: jm
Date: Mon Jan 1 14:40:10 2007
New Revision: 491665
URL: http://svn.apache.org/viewvc?view=rev&rev=491665
Log:
bug 5259: always implicitly trust 127/8 and consider it internal; add test cases; support its removal too; and document it
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Conf/Parser.pm
spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
spamassassin/trunk/t/trust_path.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm?view=diff&rev=491665&r1=491664&r2=491665
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm Mon Jan 1 14:40:10 2007
@@ -635,6 +635,11 @@
will result in all those networks becoming trusted. To clear out the
existing entries, use C<clear_trusted_networks>.
+The loopback C<127/8> network (127.*.*.*) is always trusted, unless explicitly
+rendered untrusted using
+
+ trusted_networks !127/8
+
If C<trusted_networks> is not set and C<internal_networks> is, the value
of C<internal_networks> will be used for this parameter.
@@ -687,7 +692,7 @@
setting => 'clear_trusted_networks',
code => sub {
my ($self, $key, $value, $line) = @_;
- $self->{trusted_networks} = Mail::SpamAssassin::NetSet->new();
+ $self->{trusted_networks} = $self->new_netset();
}
});
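Review bot: `clear_trusted_networks` no longer yields an empty set, because `$self->new_netset()` returns one that already holds 127/8; the `clear_internal_networks` hunk further down has the same effect. The POD added in this commit mentions the implicit loopback entry only under `trusted_networks` and `internal_networks`, so an administrator who clears the list to start from nothing is not told that loopback relays remain trusted. I would add a sentence to both clear_* entries (their POD is outside these hunks), for example `Note that the loopback C<127/8> network remains in the list after clearing; use C<trusted_networks !127/8> to remove it.`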
@@ -715,6 +720,11 @@
Every entry in C<internal_networks> must appear in C<trusted_networks>; in
other words, C<internal_networks> is always a subset of the trusted set.
+The loopback C<127/8> network (127.*.*.*) is always internal, unless explicitly
+rendered external using something like
+
+ internal_networks !127/8
+
=cut
push (@cmds, {
@@ -740,7 +750,7 @@
setting => 'clear_internal_networks',
code => sub {
my ($self, $key, $value, $line) = @_;
- $self->{internal_networks} = Mail::SpamAssassin::NetSet->new();
+ $self->{internal_networks} = $self->new_netset();
}
});
@@ -2713,8 +2723,8 @@
$self->{more_spam_to} = { };
$self->{all_spam_to} = { };
- $self->{trusted_networks} = Mail::SpamAssassin::NetSet->new();
- $self->{internal_networks} = Mail::SpamAssassin::NetSet->new();
+ $self->{trusted_networks} = $self->new_netset();
+ $self->{internal_networks} = $self->new_netset();
# Make sure we add in X-Spam-Checker-Version
$self->{headers_spam}->{"Checker-Version"} =
@@ -3125,6 +3135,13 @@
delete $self->{source_file};
delete $self->{meta_dependencies};
}
+}
+
+sub new_netset {
+ my ($self) = @_;
+ my $set = Mail::SpamAssassin::NetSet->new();
+ $set->add_cidr ('127/8');
+ return $set;
}
###########################################################################
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Conf/Parser.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Conf/Parser.pm?view=diff&rev=491665&r1=491664&r2=491665
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Conf/Parser.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Conf/Parser.pm Mon Jan 1 14:40:10 2007
@@ -934,7 +934,7 @@
# check that all internal_networks are listed in trusted_networks
# too.
- if ($ni->get_num_nets() > 0 && $nt->get_num_nets() > 0) {
+ if ($ni->get_num_nets() > 1 && $nt->get_num_nets() > 1) {
my $replace_nets;
my @valid_ni = ();
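Review bot: The new threshold `> 1` is a magic number that depends on `new_netset` in Conf.pm seeding exactly one entry, and on `add_cidr` replacing a cancelled entry with a placeholder rather than deleting it. If either changes, this check that `internal_networks` is a subset of `trusted_networks` would be skipped for real configurations or run against the defaults, and nothing on this line says why the value is 1. I would add a comment such as `# each set starts with the implicit 127/8 entry, so "> 1" means the admin configured something`, or compare against a count that the set itself reports for user-supplied entries. The `if` body continues past the end of this hunk.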
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm?view=diff&rev=491665&r1=491664&r2=491665
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm Mon Jan 1 14:40:10 2007
@@ -73,15 +73,34 @@
}
$bits = 32 if (!defined $bits);
-
- next if ($self->is_net_declared($ip, $bits, $exclude, 0));
-
my $mask = 0xFFffFFff ^ ((2 ** (32-$bits)) - 1);
+ my $ipaton = (Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask);
+
+ # if this is the _exact_ opposite of an existing entry, then replace that
+ # original entry with a no-op. (Don't just remove it, since the number of
+ # entries found is used to determine if any were specified.)
+ foreach my $i (0 .. (scalar @{$self->{nets}} - 1)) {
+ my $ent = $self->{nets}->[$i];
+
+ if (defined $ent->{ip}
+ && $ipaton == $ent->{ip}
+ && $mask == $ent->{mask}
+ && $exclude == ($ent->{exclude} ? 0 : 1))
+ {
+ splice @{$self->{nets}}, $i, 1, {
+ mask => undef,
+ exclude => undef,
+ ip => undef,
+ as_string => "REMOVED"
+ };
+ next;
+ }
+ }
push @{$self->{nets}}, {
mask => $mask,
exclude => $exclude,
- ip => (Mail::SpamAssassin::Util::my_inet_aton($ip) & $mask),
+ ip => $ipaton,
as_string => $_
};
$numadded++;
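Review bot: The `next` at the end of the new `if` body belongs to the inner `foreach my $i` loop, and as the last statement of that loop body it does nothing; the `push` below still runs after an entry has been replaced by the `REMOVED` placeholder. If the intent was to skip adding the new entry, the enclosing loop over the CIDR arguments (which starts outside this hunk) needs a label and `next LABEL;`. If the push is intended, drop the `next` and say so in the comment above the loop. Separately, the deleted `is_net_declared` call was the only duplicate/overlap check visible on this path, so repeated or shadowed entries now appear to be accepted without a warning; that is worth confirming as deliberate.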
@@ -102,12 +121,18 @@
return 0 unless (defined $self->{nets});
+ # a defined net always contains the 'REMOVED' one
+ if (!defined $network && !defined $mask) {
+ return 1;
+ }
+
$exclude = 0 if (!defined $exclude);
$quiet = 0 if (!defined $quiet);
$declared = 0 if (!defined $declared);
foreach my $net (@{$self->{nets}}) {
# a net can not be contained by a (smaller) net with a larger mask
+ next if (!defined $net->{ip});
next if ($net->{mask} > $mask);
# check to see if the new network is contained by the old network
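Review bot: The early `return 1` reports any undefined `$network`/`$mask` pair as already declared, which suits the `REMOVED` placeholder but would give the same answer for an address that failed to parse, if those variables can be undef for that reason. They are assigned above this hunk, so I cannot tell. On a trust list that would be a fail-open result, so I would identify the placeholder explicitly (for instance by its `as_string` value or a dedicated flag) rather than by undef fields. The condition also uses `&&`, so a pair with only one side undefined still reaches `$net->{mask} > $mask` and compares against undef.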
@@ -144,7 +169,9 @@
$ip = Mail::SpamAssassin::Util::my_inet_aton($ip);
foreach my $net (@{$self->{nets}}) {
- return !$net->{exclude} if (($ip & $net->{mask}) == $net->{ip});
+ if (defined $net->{ip} && ($ip & $net->{mask}) == $net->{ip}) {
+ return !$net->{exclude};
+ }
}
0;
}
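Review bot: This loop returns on the first matching entry, and `new_netset` now puts 127/8 at the front of every set, so an exclusion narrower than the whole block (for example `trusted_networks !127.0.0.1`) is pushed after the seeded entry and, as far as these hunks show, can never match first. Only the exact opposite `!127/8` is handled, through the placeholder replacement in `add_cidr`. A narrower exclusion is accepted and then has no effect, leaving that address trusted and internal. I would either place an exclusion that falls inside an existing entry ahead of it or warn when it is shadowed, and add a case for it to t/trust_path.t. The start of this sub is outside the hunk.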
Modified: spamassassin/trunk/t/trust_path.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/trust_path.t?view=diff&rev=491665&r1=491664&r2=491665
==============================================================================
--- spamassassin/trunk/t/trust_path.t (original)
+++ spamassassin/trunk/t/trust_path.t Mon Jan 1 14:40:10 2007
@@ -18,7 +18,7 @@
use lib '.'; use lib 't';
use SATest; sa_t_init("trust_path");
-use Test; BEGIN { plan tests => 24 };
+use Test; BEGIN { plan tests => 45 };
use strict;
@@ -27,6 +27,115 @@
# ---------------------------------------------------------------------------
+# 127/8 implicitly trusted as default
+q{
+
+ Received: from sender.net (127.0.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= ]
+Untrusted:
+
+},
+
+# ---------------------------------------------------------------------------
+
+# 127/8 explicitly trusted
+q{
+
+ trusted_networks 127/8
+ Received: from sender.net (127.0.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= ]
+Untrusted:
+
+},
+
+# 127/8 explicitly trusted along with others
+q{
+
+ trusted_networks 127/8 1.2.2.1
+ Received: from sender.net (127.0.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= ]
+Untrusted:
+
+},
+
+# ---------------------------------------------------------------------------
+
+# 127/8 explicitly untrusted
+q{
+
+ trusted_networks 1.2/16 !127/8
+ internal_networks 1.2/16 !127/8
+ Received: from sender.net (127.0.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted:
+Untrusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=0 id= auth= ]
+
+},
+
+# ---------------------------------------------------------------------------
+
+# 127/8 implicitly trusted
+q{
+
+ trusted_networks 1.2/16
+ Received: from sender.net (127.0.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= ]
+Untrusted:
+
+},
+
+# ---------------------------------------------------------------------------
+
+# trusted, then not
+q{
+
+ trusted_networks 1.2/16 !1.2/16
+ Received: from sender.net (1.2.3.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted:
+Untrusted: [ ip=1.2.3.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=0 id= auth= ]
+
+},
+
+# ---------------------------------------------------------------------------
+
+q{
+
+ trusted_networks 1.2/16
+ Received: from sender.net (1.1.1.2) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Trusted:
+Untrusted: [ ip=1.1.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=0 id= auth= ]
+
+},
+
+# ---------------------------------------------------------------------------
+
q{
trusted_networks 1.1/16
@@ -181,10 +290,12 @@
"clear_trusted_networks\n".
"clear_internal_networks\n";
- $hdrs =~ s/^\s*(trusted_networks\s+[^\n]*)//gs;
- if ($1) { $conf .= $1."\n"; }
- $hdrs =~ s/^\s*(internal_networks\s+[^\n]*)//gs;
- if ($1) { $conf .= $1."\n"; }
+ if ($hdrs =~ s/^\s*(trusted_networks\s+[^\n]*)//gs) {
+ $conf .= $1."\n";
+ }
+ if ($hdrs =~ s/^\s*(internal_networks\s+[^\n]*)//gs) {
+ if ($1) { $conf .= $1."\n"; }
+ }
tstprefs ($conf);
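Review bot: The two rewritten blocks now do the same job in different ways: the `trusted_networks` branch appends `$1` directly, while the `internal_networks` branch keeps an inner `if ($1)` that is redundant once the substitution has succeeded. I would make them identical, with `$conf .= $1."\n";` as the only statement in both bodies, so a reader does not look for a behavioural difference that is not there.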
@@ -228,7 +339,7 @@
print "expected: $expected\n";
print "got : $relays\n\n";
- die "dying on first test failure";
+ # die "dying on first test failure";
}
$status->finish();
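Review bot: Commenting out the `die` leaves dead code in the test and changes what a mismatch does: the visible part of this branch now only prints the `expected` and `got` lines. Whether a failing `ok()` is still recorded for the mismatch is decided above this hunk, so please confirm the script cannot pass with wrong relay output. If it does record the failure, delete the line rather than commenting it out, or keep the early exit behind an environment switch for debugging.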