Re: "Potted" regex question

From: WC -Sx- Jones (WC-Sx-Jonesinsecurity.org)
Date: Sun Apr 18 2004 - 17:29:00 CDT


Tony Earnshaw wrote:
>
> Mine works ;) But that's not the problem. The problem is having to
> produce thousands of variations.

Would you be willing to run all your e-mail thru an external
header filter? You could use this:

Evals 1 (True, found in CIDR) or 0 (False, not found in CIDR) -

#! /usr/local/bin/perl

# NOTE: This is a non-working rough draft.

use strict;
use warnings;

use Mail::Internet ();
use Net::CIDR ':all';

my $fh = \*STDIN;

my $msg = Mail::Internet->new($fh, 'Modify' => 0, 'MailFrom' => 'KEEP');

# Get all headers and body stuff...
# (header() and body() both return array references)
my @headers = @{ $msg->head()->header() };
my @body    = @{ $msg->body() };

# CIDR blocks to test against, one per list element
my @list = ("192.68.0.0/24", "224.0.0.0/8");

# Get the [ipaddr] out of header
foreach my $x (@headers) {
   # /s lets .+ span the folded continuation lines of a Received: header
   next unless $x =~ /^Received:\s+from\s+.+\(.+\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]\)/is;

   my $testIP = "$1.$2.$3.$4";

   # and test it -
   if (cidrlookup($testIP, @list)) {
      # Do something for a match
   }
   else {
      # Else do something
   }
}

exit;

__END__

That way you could test all the e-mail headers against
a CIDR-Header check - mail-kick or not...

You would only need to list the CIDRs here:
my @list = ("192.68.0.0/24", "224.0.0.0/8");

What do you think? When I get it working
I'll let ya know. The parts I am still looking
at are: DISCARD/REJECT the mail if it matches and/or
RE-INJECTING back into Postfix if it doesn't...

I'm still learning...

--
_Sx_ http://youve-reached-the.endoftheinternet.org/ _____
      http://jaxpm.insecurity.org/
      http://cis4dl.insecurity.org/
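
The REJECT and re-inject steps the post leaves open could look like the sketch below when the script runs as a Postfix pipe(8) after-queue content filter. This is an added example, not the poster's code: it uses core Perl only, and the master.cf argv layout, the sendmail path and the sample message after `__DATA__` are assumptions or constructed.

```perl
#!/usr/bin/perl
# Added example, not the poster's code. Assumed master.cf pipe(8) entry:
#   argv=/path/to/this-script -f ${sender} -- ${recipient}
use strict; use warnings;
use constant { EX_UNAVAILABLE => 69, EX_TEMPFAIL => 75 };   # sysexits.h values
my @BLOCKED  = ('192.68.0.0/24', '224.0.0.0/8');            # CIDRs from the post
my @SENDMAIL = ('/usr/sbin/sendmail', '-G', '-i');          # assumed path; never add -t
# Dotted quad -> 32-bit integer, or undef when an octet is out of range.
sub ip2int {
    my @o = split /\./, shift;
    return undef if @o != 4 or grep { !/^\d{1,3}$/ || $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True (1) when $ip lies inside "a.b.c.d/len"; a bare address counts as /32.
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $len) = (split(m{/}, $cidr), 32);
    my ($i, $n) = (ip2int($ip), ip2int($net));
    return 0 unless defined $i and defined $n;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    return (($i & $mask) == ($n & $mask)) ? 1 : 0;
}

# Returns (ip, cidr) for the first "Received: from" relay inside a blocked
# range, or an empty list. Folded header lines are joined before matching.
sub blocked_relay {
    (my $head = join '', @_) =~ s/\r?\n\r?\n.*//s;   # keep the header block only
    $head =~ s/\r?\n[ \t]+/ /g;                      # unfold continuation lines
    for my $line (grep { /^Received:\s+from\s/i } split /\r?\n/, $head) {
        my ($ip) = $line =~ /\[(\d{1,3}(?:\.\d{1,3}){3})\]/ or next;
        in_cidr($ip, $_) and return ($ip, $_) for @BLOCKED;
    }
    return;
}

my @msg = @ARGV ? <STDIN> : <DATA>;   # no arguments: dry run on the sample below
if (my ($ip, $cidr) = blocked_relay(@msg)) {
    print "Rejected: relay $ip is inside $cidr\n";   # pipe(8) reports this in the bounce
    exit EX_UNAVAILABLE;
}
exit 0 unless @ARGV;
# No match: re-inject the unmodified message with its original envelope.
open(my $out, '|-', @SENDMAIL, @ARGV) or exit EX_TEMPFAIL;   # list form, no shell
print {$out} @msg;
close($out) or exit EX_TEMPFAIL;
__DATA__
Received: from mail.example.net (unknown
    [192.68.0.25]) by mx.example.org; Sun, 18 Apr 2004 17:00:00 -0500
Subject: constructed sample message
```

Exiting 0 without re-injecting would silently discard the message instead of bouncing it. Like the loop in the post, this checks every Received: hop, and any hop below the one added by your own server is supplied by the sender.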