[Pymilter] [PATCH] Accept DNS names in iniplist
David Caldwell
david at porkrind.org
Tue Mar 25 14:36:30 EDT 2014
On 3/25/14, 10:53 AM, Stuart D Gathman wrote:
> On 03/24/2014 08:14 PM, David Caldwell wrote:
>> The iniplist() function takes an ip address and reports whether it is in
>> a list or not. This patch lets you use a DNS name in the list and
>> resolves it when looking for the IP address.
>>
>> This lets settings like "trusted_relay" in the spf milter use a DNS name
>> which is stable in the long term, where the IP address is not.
>
> This is a good idea. The patch does not handle cidr, however, and
> I'm pretty sure from eyeballing it that it doesn't work for IP6 either.
> I'll polish it up and add it, however.
I've never seen the cidr slash notation used with DNS names, so I
explicitly chose not to support that. You're probably right about IPv6.
I don't really have a way to test that and just hoped for the best. :-)
Though I guess you'd need to look up both A and AAAA records, which I
didn't do.
> I've switched to using the ipaddr module in pyspf. I could have
> expand_iplist() return a list of IPNetwork from that module. The
> IPNetwork ctor automatically handles converting IP6 addresses from
> either 16 byte binary or string format, and collapse_address_list() will
> combine adjacent networks. A new in_address_list would check an ip
> against the output of expand_iplist(). This would prevent any new
> dependencies when using the old iniplist() function. What do you think?
I don't have a huge opinion about how it should be in the code, just as
long as I can specify stuff in the config file as DNS names. I trust you
are more familiar with the code (and python itself) than I am, and so
I'll defer to your judgement about the specifics. :-)
-David
<!DSPAM:144FA87C88B2559195813508>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4219 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://gathman.org/pipermail/pymilter/attachments/20140325/618b4026/attachment.p7s>
More information about the Pymilter
mailing list