#8 Excluding RFC1918 addresses

v0.2.9
closed-works-for-me
5
2005-11-23
2005-07-25
JJB
No

Suggest a command line option to denote that RFC1918
addresses should be ignored. The -a option should
remain as is and unaffected by this new option.

-jjb

Discussion

  • Anonymous - 2005-11-22
    • assigned_to: nobody --> sm-msk
     
  • Anonymous - 2005-11-22

    Logged In: YES
    user_id=1048957

    Would this be functionally identical to listing the RFC1918
    blocks in a peerfile, referenced by "-a"?

     
  • JJB

    JJB - 2005-11-22

    Logged In: YES
    user_id=1318636

    I think it is not exactly the same thing. Perhaps an
    example of what's going on will help.

    I have lots of cable and DSL customers who connect with SMTP
    AUTH and HELO with their internal NAT addresses. From what
    I can tell, there are no command line options I can use to
    prevent an error from being generated when they use my
    server to send mail.

     
  • Anonymous - 2005-11-23

    Logged In: YES
    user_id=1048957

    If sid-filter should basically ignore such clients, adding
    them to the peerlist (via "-a") should suffice. The
    peerlist is a list of domains and/or client IP addresses
    which the filter should just ignore on connection.

     
  • JJB

    JJB - 2005-11-23

    Logged In: YES
    user_id=1318636

    I think it is not exactly the same thing. Perhaps an
    example of what's going on will help.

    I have lots of cable and DSL customers who connect with SMTP
    AUTH and HELO with their internal NAT addresses. From what
    I can tell, there are no command line options I can use to
    prevent an error from being generated when they use my
    server to send mail.

     
  • JJB

    JJB - 2005-11-23

    Logged In: YES
    user_id=1318636

    (I confess fuzzy memory since I turned it off some time ago)

    The connecting address IP is public from anywhere, the HELO
    string contains a bracketed RFC1918 address from inside
    their NAT box. ISTR using -a didn't work because of this.

     
  • Anonymous - 2005-11-23

    Logged In: YES
    user_id=1048957

    The filter doesn't even look at the HELO value. The -a
    comparison is based only on the IP address of the connection
    and the result of the MTA trying to get a name for that IP
    address.

    Thus, if you just want it to ignore those IP blocks, adding
    them to the peerlist should suffice.

     
  • JJB

    JJB - 2005-11-23

    Logged In: YES
    user_id=1318636

    Ok, I'm satisfied with that. Thanks for the help.

     
  • Anonymous - 2005-11-23
    • status: open --> closed-works-for-me
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks