https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7198
Bug ID: 7198
Summary: Let whitelist_from_rcvd also accept CIDR notation and
IPv6 address
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Libraries
Assignee: [email protected]
Reporter: [email protected]
Created attachment 5302
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5302&action=edit
WLBLEval.pm change, updated docs in Conf.pm
The whitelist_from_rcvd seems to be one of the last corners that still could
not deal with an IPv6 address, and could not accept IPv4 network address in
CIDR notation. As it happened, I just needed this feature, so here it is.
The man page now reads:
whitelist_from_rcvd [email protected] sourceforge.net
Works similarly to whitelist_from, except that in addition to
matching a sender address, a relay's rDNS name or its IP address
must match too for the whitelisting rule to fire. The first
parameter is a sender's e-mail address to whitelist, and the second
is a string to match the relay's rDNS, or its IP address. Matching
is case-insensitive.
This second parameter is matched against a TCP-info information
field as provided in a FROM clause of a trace information (i.e. in
a Received header field, see RFC 5321). Only the Received header
fields inserted by trusted hosts are considered. This parameter can
either be a full hostname, or a domain component of that hostname,
or an IP address (optionally followed by a slash and a prefix
length) in square brackets. The address prefix (mask) length with a
slash may stand within brackets along with an address, or may
follow the bracketed address. Reverse DNS lookup is done by an MTA,
not by SpamAssassin.
For backward compatibility as an alternative to a CIDR notation, an
IPv4 address in brackets may be truncated on classful boundaries to
cover whole subnets, e.g. "[10.1.2.3]", "[10.1.2]", "[10.1]", "[10]".
In other words, if the host that connected to your MX had an IP
address 192.0.2.123 that mapped to 'sendinghost.example.org', you
should specify "sendinghost.example.org", or "example.org", or
"[192.0.2.123]", or "[192.0.2.0/24]", or "[192.0.2]" here.
e.g.
whitelist_from_rcvd [email protected] example.com
whitelist_from_rcvd *@* mail.example.org
whitelist_from_rcvd *@axkit.org [192.0.2.123]
whitelist_from_rcvd *@axkit.org [192.0.2.0/24]
whitelist_from_rcvd *@axkit.org [192.0.2.0]/24
whitelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
whitelist_from_rcvd *@axkit.org [2001:db8:1234::]/48
Note that this requires that "internal_networks" be correct. For
simple cases, it will be, but for a complex network you may get
better results by setting that parameter.
It also requires that your mail exchangers be configured to perform
DNS reverse lookups on the connecting host's IP address, and to
record the result in the generated Received header field according
to RFC 5321.
--
You are receiving this mail because:
You are the assignee for the bug.
