#29 SQLBlackWhiteList.pm: Class B/C entries, and exclusions

open
nobody
5
2012-03-22
2012-03-22
rodec
No

This is very similar to https://sourceforge.net/tracker/?func=detail&aid=1232929&group_id=87163&atid=582181 but supports both class B and class C entries, and also lets you exclude specific IPs from these more general subnet entries.

So, for example, let's say I have a class C subnet, 192.168.241.0/24, that I generally trust. But there is one host, 192.168.241.4, that is accepting messages from the Internet at large and relaying to us without first scanning them. I can then whitelist 192.168.241 to whitelist the entire class C. But then I can also whitelist !192.168.241.4 to exclude that one particular host from the more general whitelist entry.

I have been using this in our 1.0.5 production installation for over a year with great success. Attached is a patch against 1.1.5.1 for your consideration.

Discussion

  • rodec
    rodec
    2012-03-22

    Well, it's not letting me attach a file, so...

    --- mailwatch-1.1.5.1.orig/MailScanner_perl_scripts/SQLBlackWhiteList.pm 2012-01-09 19:46:25.000000000 -0700
    +++ mailwatch-1.1.5.1.UAF/MailScanner_perl_scripts/SQLBlackWhiteList.pm 2012-03-22 13:23:23.000000000 -0700
    @@ -154,7 +154,7 @@
    return 0 unless $message; # Sanity check the input

    # Find the "from" address and the first "to" address
    - my($from, $fromdomain, @todomain, $todomain, @to, $to, $ip);
    + my($from, $fromdomain, @todomain, $todomain, @to, $to, $ip, $subip, $subipnodot, $subip2, $subip2nodot);
    $from = $message->{from};
    $fromdomain = $message->{fromdomain};
    @todomain = @{$message->{todomain}};
    @@ -162,20 +162,67 @@
    @to = @{$message->{to}};
    $to = $to[0];
    $ip = $message->{clientip};
    + $ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\./; # get 3 octets of IP
    + $subip = $&; # put 3 octets in var
    + $ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}/; # get 3 octets of IP
    + $subipnodot = $&; # put 3 octets in var
    + $ip =~ /^\d{1,3}\.\d{1,3}\./; # get 2 octets of IP
    + $subip2 = $&; # put 2 octets in var
    + $ip =~ /^\d{1,3}\.\d{1,3}/; # get 2 octets of IP
    + $subip2nodot= $&; # put 2 octets in var
    + $ip = $message->{clientip};
    +
    + # Entries preceded by a "!" are exceptions... i.e., if we have listed
    + # 192.168.241 in one entry, but also !192.168.241.4, then all addresses
    + # in the 192.168.241 network range are in the list, UNLESS it is
    + # 192.168.241.4, which should not be included.
    + return 0 if $BlackWhite->{$to}{'!' . $from};
    + return 0 if $BlackWhite->{$to}{'!' . $fromdomain};
    + return 0 if $BlackWhite->{$to}{'!' . $ip};
    + return 0 if $BlackWhite->{$to}{'!' . $subip};
    + return 0 if $BlackWhite->{$to}{'!' . $subipnodot};
    + return 0 if $BlackWhite->{$to}{'!' . $subip2};
    + return 0 if $BlackWhite->{$to}{'!' . $subip2nodot};
    + return 0 if $BlackWhite->{$todomain}{'!' . $from};
    + return 0 if $BlackWhite->{$todomain}{'!' . $fromdomain};
    + return 0 if $BlackWhite->{$todomain}{'!' . $ip};
    + return 0 if $BlackWhite->{$todomain}{'!' . $subip};
    + return 0 if $BlackWhite->{$todomain}{'!' . $subipnodot};
    + return 0 if $BlackWhite->{$todomain}{'!' . $subip2};
    + return 0 if $BlackWhite->{$todomain}{'!' . $subip2nodot};
    + return 0 if $BlackWhite->{'default'}{'!' . $from};
    + return 0 if $BlackWhite->{'default'}{'!' . $fromdomain};
    + return 0 if $BlackWhite->{'default'}{'!' . $ip};
    + return 0 if $BlackWhite->{'default'}{'!' . $subip};
    + return 0 if $BlackWhite->{'default'}{'!' . $subipnodot};
    + return 0 if $BlackWhite->{'default'}{'!' . $subip2};
    + return 0 if $BlackWhite->{'default'}{'!' . $subip2nodot};

    # It is in the list if either the exact address is listed,
    # or the domain is listed
    return 1 if $BlackWhite->{$to}{$from};
    return 1 if $BlackWhite->{$to}{$fromdomain};
    return 1 if $BlackWhite->{$to}{$ip};
    + return 1 if $BlackWhite->{$to}{$subip};
    + return 1 if $BlackWhite->{$to}{$subipnodot};
    + return 1 if $BlackWhite->{$to}{$subip2};
    + return 1 if $BlackWhite->{$to}{$subip2nodot};
    return 1 if $BlackWhite->{$to}{'default'};
    return 1 if $BlackWhite->{$todomain}{$from};
    return 1 if $BlackWhite->{$todomain}{$fromdomain};
    return 1 if $BlackWhite->{$todomain}{$ip};
    + return 1 if $BlackWhite->{$todomain}{$subip};
    + return 1 if $BlackWhite->{$todomain}{$subipnodot};
    + return 1 if $BlackWhite->{$todomain}{$subip2};
    + return 1 if $BlackWhite->{$todomain}{$subip2nodot};
    return 1 if $BlackWhite->{$todomain}{'default'};
    return 1 if $BlackWhite->{'default'}{$from};
    return 1 if $BlackWhite->{'default'}{$fromdomain};
    return 1 if $BlackWhite->{'default'}{$ip};
    + return 1 if $BlackWhite->{'default'}{$subip};
    + return 1 if $BlackWhite->{'default'}{$subipnodot};
    + return 1 if $BlackWhite->{'default'}{$subip2};
    + return 1 if $BlackWhite->{'default'}{$subip2nodot};

    # It is not in the list
    return 0;
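Review bot: The four `$ip =~ /.../; $x = $&;` pairs at the top of this hunk read `$&` without testing whether the match succeeded, so when `clientip` is not a dotted quad (an IPv6 client, say, or an empty value) `$&` still holds the text of some earlier successful match, or nothing at all, and the list decision is then made on keys built from that stale text. Capture the prefixes in one checked match and add them as lookup keys only when it succeeds; the 21 exception lines and the 12 added positive lines then collapse into a loop over scopes and keys as sketched below, and the four extra variables declared in the first hunk are no longer needed. Separately, bare prefixes such as `192.168.241` share one key space with `$fromdomain`, which comes from the envelope sender, so it is worth confirming that a subnet entry cannot be satisfied by a sender-supplied domain, for example by keeping subnet entries distinguishable from domain entries. The enclosing sub begins and ends outside the visible hunks.

```perl
$ip = $message->{clientip};

# Sender keys to look up: address, domain, full IP, then the /24 and /16
# prefixes (with and without trailing dot) only when $ip is a dotted quad.
my @keys = ($from, $fromdomain, $ip);
if (defined $ip && $ip =~ /\A((\d{1,3}\.\d{1,3})\.\d{1,3})\.\d{1,3}\z/) {
  push @keys, "$1.", $1, "$2.", $2;
}
my @scopes = ($to, $todomain, 'default');

# "!" entries are exceptions and win over every positive entry
foreach my $scope (@scopes) {
  foreach my $key (@keys) {
    return 0 if $BlackWhite->{$scope}{'!' . $key};
  }
}

foreach my $scope (@scopes) {
  foreach my $key (@keys) {
    return 1 if $BlackWhite->{$scope}{$key};
  }
  return 1 if $scope ne 'default' && $BlackWhite->{$scope}{'default'};
}

# … unchanged: "It is not in the list" fall-through return 0 …
```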