SA Bugzilla – Bug 1150
RFE: whitelist mail that was *not* relayed by a given host
Last modified: 2004-02-28 05:25:19 UTC
Working within a corporate firewall with defined bastion hosts, I found that a modification of the whitelist_from_rcvd function allows me to whitelist all of our internal addresses as long as the mail "from" those addresses does *NOT* pass through the bastion hosts.

The enhancement is two-fold:

- enable regexp parsing of the domain argument
- enable negation of the domain argument

which effectively implements a "whitelist <address> if not received via <domain>"

Here's a diff for EvalTests.pm:

*** EvalTests.pm.orig Thu Oct 24 10:21:56 2002 --- EvalTests.pm Thu Oct 24 11:09:58 2002 *************** *** 680,692 **** foreach my $white_addr (keys %{$list}) { my $regexp = $list->{$white_addr}{re}; my $domain = $list->{$white_addr}{domain}; ! # warn("checking $addr against $regexp + $domain\n"); if ($addr =~ /$regexp/i) { # warn("Looking for $domain\n"); my $rcvd = $self->get('Received'); ! if ($rcvd =~ /from.*\b\Q$domain\E.*[\[\(][0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[\]\)].*\bby\b/) { # warn("Found it.\n"); ! return 1; } } } --- 680,696 ---- foreach my $white_addr (keys %{$list}) { my $regexp = $list->{$white_addr}{re}; my $domain = $list->{$white_addr}{domain}; ! my $mode = $domain =~ /^!/ ? 0 : 1; ! $domain =~ s/^!//; ! # warn("checking $addr against $regexp + $domain ($mode)\n"); if ($addr =~ /$regexp/i) { # warn("Looking for $domain\n"); my $rcvd = $self->get('Received'); ! if ($rcvd =~ /from.*\b$domain.*[\[\(][0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[\]\)].*\bby\b/) { # warn("Found it.\n"); ! return $mode; ! } else { ! return ! $mode; } } }
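Review bot: The added "else { return ! $mode; }" branch returns from inside the foreach loop, so the first whitelist entry whose address regexp matches now decides the result, and a later entry for the same address with a different domain is never checked (hash key order makes which one wins unpredictable). Suggest returning only on a positive decision and letting the loop continue otherwise. Two further points on the same hunk: removing \Q...\E from the Received match turns every existing domain argument into a regexp, so the dots in current entries become wildcards and match more than before; keep the quoting unless an entry explicitly opts in to regexp syntax. And for a "!domain" entry the new branch returns true whenever the pattern is absent from $rcvd, including when $rcvd is empty, so the whitelist fires on missing relay information rather than on a verified path; require at least one parsed Received header before treating the absence as a match.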
Kurt, please make a patch (-u) against latest CVS and _attach_ to this bugzilla bug. Thanks.
BTW, a better way to do this will be in 3.0.0 ;) Basically you list your internal nets as trusted networks using "trusted_network"; also any other external hosts you trust not to *originate* spam. Then if a message has not travelled via any untrusted relay, it gets an ALL_TRUSTED bonus.
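The trusted-relay idea in the comment above, as an added sketch that is not SpamAssassin code and not how SpamAssassin implements ALL_TRUSTED: the decision rests on the relay IP in every Received header rather than on the absence of a hostname. The network ranges, hostnames, header lines and function names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not SpamAssassin code: a simplified "every relay is
# trusted" decision over a message's Received headers.
use strict;
use warnings;

# Assumed trusted ranges (constructed values for this sketch).
my @TRUSTED = ('10.0.0.0/8', '192.168.10.0/24');

# Convert a dotted quad to an integer; returns undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $ip lies inside $cidr (IPv4 only).
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $ip_n  = ip_to_int($ip);
    my $net_n = ip_to_int($net);
    return 0 unless defined $ip_n && defined $net_n;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return ($ip_n & $mask) == ($net_n & $mask) ? 1 : 0;
}

# 1 only if there is at least one Received header and every one names a
# relay IP inside a trusted range. A header without a parseable IP counts
# as untrusted, so missing information never whitelists.
sub all_trusted {
    my (@received) = @_;
    return 0 unless @received;
    for my $hdr (@received) {
        my ($ip) = $hdr =~ /^from\s.*?\[(\d+\.\d+\.\d+\.\d+)\]/;
        return 0 unless defined $ip;
        return 0 unless grep { in_cidr($ip, $_) } @TRUSTED;
    }
    return 1;
}

# Constructed sample header sets.
my @internal = ('from ws12.corp.example (ws12.corp.example [10.4.2.12]) by mail.corp.example');
my @external = ('from bastion.corp.example (bastion.corp.example [192.168.10.5]) by mail.corp.example',
                'from mx.other.example (mx.other.example [203.0.113.7]) by bastion.corp.example');
my @unparsed = ('from localhost (unknown) by mail.corp.example');

printf "%-9s %s\n", $_->[0], all_trusted(@{ $_->[1] }) ? 'ALL_TRUSTED' : 'not trusted'
    for ['internal', \@internal], ['external', \@external], ['unparsed', \@unparsed];
```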
retitling in case we still want this functionality. Personally, I think it'll be superfluous with the ALL_TRUSTED rule doing more or less the same thing, so marking WONTFIX unless anyone else wants it...