[Pymilter] [PATCH] Accept DNS names in iniplist

David Caldwell david at porkrind.org
Mon Mar 24 20:14:25 EDT 2014 

The iniplist() function takes an ip address and reports whether it is in
a list or not. This patch lets you use a DNS name in the list and
resolves it when looking for the IP address.

This lets settings like "trusted_relay" in the spf milter use a DNS name
which is stable in the long term, where the IP address is not.

-David
-------------- next part --------------
Index: Milter/utils.py
===================================================================
RCS file: /cvsroot/pymilter/pymilter/Milter/utils.py,v
retrieving revision 1.13
diff -p -u -d -r1.13 utils.py
--- Milter/utils.py	12 Mar 2013 01:46:08 -0000	1.13
+++ Milter/utils.py	24 Mar 2014 23:45:30 -0000
@@ -10,6 +10,7 @@ from fnmatch import fnmatchcase
 from email.Header import decode_header
 #import email.Utils
 import rfc822
+from Milter.dns import DNSLookup
 
 PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
 ip4re = re.compile(PAT_IP4+'$')
@@ -26,6 +27,7 @@ ip6re = re.compile(                 '(?:
     'ls32': r'(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|%s)'%PAT_IP4,
     'hex4': r'[0-9a-f]{1,4}'
     }, re.IGNORECASE)
+dnsre = re.compile(r'^[a-z][-a-z\d.]+$', re.IGNORECASE)
 
 # from spf.py
 def addr2bin(s):
@@ -67,6 +69,10 @@ def iniplist(ipaddr,iplist):
   True
   >>> iniplist('192.168.0.45',['192.168.0.*'])
   True
+  >>> iniplist('4.2.2.2',['b.resolvers.Level3.net'])
+  True
+  >>> iniplist('4.2.2.2',['nothing.example.com'])
+  False
   >>> iniplist('2001:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
   True
   >>> iniplist('2G01:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
@@ -96,6 +102,11 @@ def iniplist(ipaddr,iplist):
         n = 128
       if cidr(bin2long6(inet_pton(p[0])),n,MASK6) == cidr(ipnum,n,MASK6):
         return True
+    elif dnsre.match(p[0]):
+      dns_resp = DNSLookup(p[0], 'A')
+      for r in dns_resp:
+        if addr2bin(r[1]) == ipnum:
+          return True
     elif fnmatchcase(ipaddr,pat):
       return True
   return False
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4219 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://gathman.org/pipermail/pymilter/attachments/20140324/515bdb6f/attachment.p7s>

More information about the Pymilter mailing list