File: 14_ignore_rfc1918_a_records_config_option.patch

package info (click to toggle)
policyd-weight 0.1.15.2-12
  • links: PTS
  • area: main
  • in suites: bullseye, buster, stretch
  • size: 1,824 kB
  • ctags: 275
  • sloc: perl: 2,832; sh: 201; makefile: 35
file content (67 lines) | stat: -rw-r--r-- 2,781 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
Description: introduces new config option $IGNORE_RFC1918_A. If enabled A records with RFC1918 addresses
aren't treated as bogus addresses by policyd-weight and therefore bogus_mx_score isn't added.
Origin: Julien Cristau <jcristau@debian.org>
Author: Werner Detter <werner@aloah-from-hell.de>
DEP: 3
Bug-Debian: http://bugs.debian.org/799314

--- a/policyd-weight
+++ b/policyd-weight
@@ -482,6 +482,10 @@
                             # established connections to one policyd-weight
                             # child
 
+my $IGNORE_RFC1918_A = 0;   # If enabled (1) A records with RFC1918 addresses
+			    # aren't treated as bogus addresses by policyd-weight
+		            # and therefore bogus_mx_score isn't added.
+
 # scores for checks, WARNING: they may manipulate eachother
 # or be factors for other scores.
 #                                       HIT score, MISS Score
@@ -2207,8 +2211,18 @@
                         
                             if($tmpcnt == 0)
                             {
-                                $from_addresses .= ' '.$ip_address;
-                            }
+				if($IGNORE_RFC1918_A == 1)
+                                {
+                                    if($ip_address !~ /(127\.|192\.168\.|10\.|172\.(?:1[6-9]|2\d|3[01])\.)/)
+                                    {
+                                        $from_addresses .= ' '.$ip_address;
+                                    }
+                                }
+                                else
+                                {
+                                    $from_addresses .= ' '.$ip_address;
+				}
+			    }
 
                             $addresses .= ' '.$ip_address;
                         
--- a/policyd-weight.conf.sample
+++ b/policyd-weight.conf.sample
@@ -174,6 +174,10 @@
                             # established connections to one policyd-weight
                             # child
 
+   $IGNORE_RFC1918_A = 0;   # If enabled (1) A records with RFC1918 addresses
+                            # aren't treated as bogus addresses by policyd-weight
+                            # and therefore bogus_mx_score isn't added.
+
 # scores for checks, WARNING: they may manipulate eachother
 # or be factors for other scores.
 #                                       HIT score, MISS Score
--- a/man/man5/policyd-weight.conf.5
+++ b/man/man5/policyd-weight.conf.5
@@ -86,6 +86,10 @@
 If that many queries fail, the mail is accepted with \fB$MAXDNSERRMSG\fR.
 .br
 In total DNS queries this means: $MAXDNSERR * $DNS_RETRIES
+.IP "\fB$IGNORE_RFC1918_A\fR (default: 0)"
+.br
+If enabled (1) A records with RFC1918 addresses aren't treated as bogus
+addresses by policyd-weight and therefore bogus_mx_score isn't added.
 
 .SH "MISC SETTINGS"
 .ad