-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Julien,
I suggest a new config variable $IGNORE_RFC1918_A.
If enabled (1) A records with RFC1918 addresses aren't treated as bogus
addresses by policyd-weight
anymore and therefore bogus_mx_score is not added. So the current behavior
persists and can be
changed if needed. My Patch (see [1]) worked in my lab environment so far. I'll
upload the new package
soon to mentors and let you know.
Cheers,
Werner
[1]
- --- a/policyd-weight
+++ b/policyd-weight
@@ -483,6 +483,10 @@
# established connections to one policyd-weight
# child
+my $IGNORE_RFC1918_A = 0; # If enabled (1) A records with RFC1918 addresses
+ # aren't treated as bogus addresses by
policyd-weight
+ # and therefore bogus_mx_score isn't added.
+
# scores for checks, WARNING: they may manipulate eachother
# or be factors for other scores.
# HIT score, MISS Score
@@ -2208,8 +2212,18 @@
if($tmpcnt == 0)
{
- - $from_addresses .= ' '.$ip_address;
- - }
+ if($IGNORE_RFC1918_A == 1)
+ {
+ if($ip_address !~
/(127\.|192\.168\.|10\.|172\.(?:1[6-9]|2\d|3[01])\.)/)
+ {
+ $from_addresses .= ' '.$ip_address;
+ }
+ }
+ else
+ {
+ $from_addresses .= ' '.$ip_address;
+ }
+ }
$addresses .= ' '.$ip_address;
- --- a/policyd-weight.conf.sample
+++ b/policyd-weight.conf.sample
@@ -174,6 +174,10 @@
# established connections to one policyd-weight
# child
+ $IGNORE_RFC1918_A = 0; # If enabled (1) A records with RFC1918 addresses
+ # aren't treated as bogus addresses by
policyd-weight
+ # and therefore bogus_mx_score isn't added.
+
# scores for checks, WARNING: they may manipulate eachother
# or be factors for other scores.
# HIT score, MISS Score
- --- a/man/man5/policyd-weight.conf.5
+++ b/man/man5/policyd-weight.conf.5
@@ -86,6 +86,10 @@
If that many queries fail, the mail is accepted with \fB$MAXDNSERRMSG\fR.
.br
In total DNS queries this means: $MAXDNSERR * $DNS_RETRIES
+.IP "\fB$IGNORE_RFC1918_A\fR (default: 0)"
+.br
+If enabled (1) A records with RFC1918 addresses aren't treated as bogus
+addresses by policyd-weight and therefore bogus_mx_score isn't added.
.SH "MISC SETTINGS"
.ad
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org
iQEcBAEBCgAGBQJWVioxAAoJECrSoAS/sh/hMIIH/34+52TEXESy5gssCMsTxI8Z
d7kZoCOzWifjEekZwyD34s1ePzAfJ8ssY16mXHG76agRUUgEkWNLwnBzPSm4znYW
pVHg9gP0nY5qt/FhDJOACYqIYlf7MhCDx90YLRlTOsEDq7/u9RQ63uf8hvP36LiM
npvE/xu6vM2sLLvykQmlWnw9btwiJgNjQHwQVOG3Fj0Y0uTN5CcKrV2Bs55ZHhH4
8XCD8qt+39h5oVMQT8y+xRAoYivG+BRT/uDo9KKKec8F5haATK98uZG3puzkhnNN
AayeoGiF9FAE8T06/1zKHcRV+wSZ33NI3IHD7BC8tZ+8SVCoGiTWHFs45YVw/2c=
=Q3n1
-----END PGP SIGNATURE-----
