So far, I have a Perl script that pulls the originating IP from email and another Perl script that uses the file created by it to serve that information.

Question is, should I implement an IP whitelist and if so, how do I do partial pattern matches? For example, 192.168. could represent private class C subnets. Another fragment that would likely be used is 127.0.0., which represents loopback addresses. I might want to add a partial remote address for pdx.edu, 131 something. I need to check the IPs that are listed for partial matches and remove matches from the list.

What I am envisioning: a spammer manages to forge an IP address I have to accept email from, causing me to lose legitimate email. While spam is not going to have an RFC1918 address in it, someone may put a local message in their spam folder accidentally. If the timing is right, that message ends up in the spam account and could end up being processed. While this is only a problem if the IP server is probed by an internal email server, having bad information in the IP server is probably a bad idea.

All the server does is answer YES, meaning that the IP is listed, or NO, which means that it isn't listed. I don't know how to encrypt data transmissions that are established using Net::EasyTCP, another issue. Logically, it should say NO if asked about a local address or an address that should never be listed.

What is the likelihood of a spammer forging say pdx.edu or the Google address that hosts gmail? Is this a problem I need to solve or not?

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
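One way to do the partial matching asked about above, as an added example that is not part of the original post: express each fragment as a CIDR network (192.168. becomes 192.168.0.0/16, 127.0.0. is covered by 127.0.0.0/8) and compare numerically, so that a fragment cannot accidentally match a neighbouring range the way a bare string prefix can. All names here are hypothetical, the Net::EasyTCP wiring is left out, and 198.51.100.0/24 is a constructed placeholder for a trusted remote network, since the post gives no full range.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Networks that must never be listed: loopback, the RFC 1918 ranges, and a
# constructed placeholder (198.51.100.0/24) standing in for a trusted remote network.
my @never_list = qw(127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 198.51.100.0/24);

# Dotted quad -> 32-bit integer; returns undef unless it is a strict IPv4 literal.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return if grep { $_ > 255 } $1, $2, $3, $4;
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# Compile each CIDR entry into a [network, mask] pair once at start-up.
my @compiled = map {
    my ($net, $bits) = split m{/};
    my $base = ip_to_int($net);
    die "bad never-list entry: $_\n"
        unless defined $base && defined $bits && $bits =~ /\A\d+\z/ && $bits <= 32;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    [ $base & $mask, $mask ];
} @never_list;

# True if the address must never be listed. Unparseable input is refused too (fail closed).
sub never_listed {
    my $n = ip_to_int($_[0]);
    return 1 unless defined $n;
    return scalar(grep { ($n & $_->[1]) == $_->[0] } @compiled) ? 1 : 0;
}

# Remove protected addresses from the extracted list before the server loads it.
sub filter_list { return grep { !never_listed($_) } @_ }

# Server-side answer: protected addresses get NO even if they slipped into the data.
sub answer {
    my ($ip, $listed) = @_;
    return (!never_listed($ip) && $listed->{$ip}) ? 'YES' : 'NO';
}

# Constructed sample input, not real data.
my @extracted = qw(203.0.113.7 192.168.1.20 127.0.0.1 192.0.2.45 198.51.100.9 172.20.3.4 999.1.1.1);
my %listed = map { $_ => 1 } filter_list(@extracted);
print "$_ => ", answer($_, \%listed), "\n" for qw(203.0.113.7 192.168.1.20 192.169.0.1 198.51.100.9);
```

Running the same check both when the list file is written and when a query is answered means a stale or hand-edited file cannot make the server say YES for a protected address.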
