Hi Mark,
Do you have any idea why the CIDR notation is not working ? Or should I
push up the loglevel to find out what is wrong ? Am I using this
mechanism correctly in my final script ?
Greetings... Richard
Richard Smits wrote:
> Hi Mark,
>
> Thanks for the hint, but the CIDR style address is not working. It does
> work if i use a single IP address.
>
> This works
> my(@myisp) = qw( 93.157.1.5 );
>
> But if i use
> my(@myisp) = qw( 93.157.1.0/8 );
>
> It does not trigger....but i have made a few changes...maybe that is the
> reason.
>
> Now i use :
> if ($cl_ip eq Amavis::Lookup::IP::lookup_ip_acl($cl_ip,@myisp))
>
> instead of :
> if ($cl_ip ne '' && Amavis::Lookup::IP::lookup_ip_acl($cl_ip,@myisp))
>
> The way i want to design this mechanism is very clear now. If the isp
> sends us a message, it must not being spam checked at our own servers.
> If X-Spam = yes from last ISP mta , goto quarantaine
> If no X-Spam from last ISP mta is present, do not spamcheck.
> Everything else, normal spamcheck.
>
> I have a couple of CIDR style addresses from our isp...
>
> This is my final script... (I am almost there :-)
> --------------------------------------------
> package Amavis::Custom;
> use strict;
>
> BEGIN {
> import Amavis::Conf qw(:platform :confvars c cr ca);
> }
>
> # invoked at child process creation time;
> # return an object, or just undef when custom checks are not needed
> sub new {
> my($class,$conn,$msginfo) = @_;
> my($self) = bless {}, $class;
> my($xspam) = $msginfo->get_header_field_body('X-Spam-Flag',0);
> my($cl_ip) = $msginfo->client_addr;
> my(@myisp) = qw( 120.151.0.0/16 );
>
> # Check if our isp is the mta
> if ($cl_ip eq Amavis::Lookup::IP::lookup_ip_acl($cl_ip,@myisp)) {
> if ($xspam =~ /^[ \t]YES/) {
> $msginfo->add_contents_category(CC_SPAM,0);
> for my $r (@{$msginfo->per_recip_data}) {
> $r->add_contents_category(CC_SPAM,0);
> $r->bypass_spam_checks(1);
> }
> }
> # Our isp mta but no X-Spam-Flag
> for my $r (@{$msginfo->per_recip_data}) {
> $r->bypass_spam_checks(1);
> }
> }
> $self; # returning an object activates further callbacks,
> # returning undef disables them
> }
> 1; # insure a defined return
> --------------------------------------------
>
> Mark Martinec wrote:
>> Richard,
>>
>>> I have it working now, but an extra issue came up.
>>>
>>> We found out that more mta's put the "X-Spam-Flag" in their header, so i
>>> want to use the amavisd-custom.conf , only if the message comes from our
>>> isp.
>>>
>>> I have found a solution, I use :
>>>
>>> my($subj) = $msginfo->get_header_field_body('X-Spam-Flag',0);
>>> my($from) = $msginfo->get_header_field_body('Received',0);
>>>
>>> and then
>>>
>>> if ($subj =~ /^[ \t]YES/) {
>>> if ($from =~ /ourisp.com/) {
>> Don't forget to quote dots in regexp.
>>
>>> This works great, but i was wondering, is it possible to create an if
>>> statement, or something that looks like a policy bank in amavisd.conf,
>>> like the following :
>>>
>>> @myisp = qw ( 10.20.0.0/16 64.20.10.0/16 );
>>> $policy_bank{'MYISP'} = {
>>> include_config_files('/etc/amavisd-custom.conf');
>>> };
>> Won't work for two reasons:
>>
>> - currently the lookup_ip_acl routine can only return a boolean,
>> not a string (which would be useful to provide a policy bank name),
>> so the IP-based policy bank loading is only currently available
>> for @mynetworks, loading a MYNETS policy bank. This needs to be
>> generalized/improved dome day.
>>
>> - include_config_files() is not a run-time feature. It is like a
>> compiler's #include, either you have it in the code or you don't.
>>
>>> Maybe a policy bank is not the answer, but something like that.
>>> So if an IP number from our isp sends the message to our MTA, only then
>>> I do the quarantaine trick.
>>>
>>> Is something like this possible, or should i keep using the
>>> amavisd-custom.conf the way i use it know.
>> The IP address of a client is available to your code in a custom
>> hook. Just make an 'if' around your code section, e.g.:
>>
>>
>> my($cl_ip) = $msginfo->client_addr;
>> my(@myisp) = qw( 192.0.2.200 192.0.2.201 192.0.2.0/25 );
>> if ($cl_ip ne '' && Amavis::Lookup::IP::lookup_ip_acl($cl_ip,@myisp)) {
>> # your code here
>> }
>>
>>
>> Mark
>>
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> AMaViS-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/amavis-user
>> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
>> AMaViS-HowTos:http://www.amavis.org/howto/
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> AMaViS-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/amavis-user
> AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
> AMaViS-HowTos:http://www.amavis.org/howto/
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
