OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Colin Campbell (sgcccdc_at_citec.qld.gov.au)
Date: Mon Feb 03 2003 - 17:18:42 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi,

    Near as I can work out there is no way to define a "catchall" for indexed access
    maps. Would it be possible to have something like "[NOTFOUND]" added as a
    catchall key? It doesn't appear to match any of the "legitimate" keys, so it
    should be okay. I know I could use it. Or am I just being stupid trying to avoid
    using pcre/regexp maps where ".*" is the answer. (or is that just "."?)

    Why do I want it? I want to do a lot of compund comparisons, like, for example
    to control access by internal hosts but also do selective filtering. I'm
    guessing something like the following would work. If we get to the sender domain
    check we know the host is allowed to send email - hosts not listed would have
    been denied access. (or do I misunderstand this completely).

            check_client_access
                    # reject all but a list of known hosts, eg
                    # ip1 DUNNO
                    # ip2 DUNNO
                    # [NOTFOUND] REJECT
            check_sender_domain
                    # d1.tld OK
                    # d2.tld FILTER:smtp:myfilterhost

    Colin