Author: Phil Pennock Date: To: Brent Jones CC: Exim Mailing List Subject: Re: [exim] CIDR mask matching behavior
On 2010-09-14 at 19:42 -0700, Brent Jones wrote: > I noticed some unexpected behavior in Exim when doing send IP address
> checks in the SMTP ACL, and later on in the system filter.
> In ACL's, you can specify CIDR masks on a non-network address.
>
> IE you can have 10.10.10.15/24, which is valid as 10.10.10.15 would
This is the specification of a netblock which uses a masklen; the lower
bits don't matter and can be ignored.
> fit inside a /24 under 10.10.10.0
> However, in a system filter doing something like this:
>
> ${mask:$sender_host_address/24} is 10.10.10.15/24
The ${mask:...} expansion operator is explicitly defined to mask out the
address so that you can do a literal comparison and ignore the lower
bits.
${mask:$sender_host_address/24} is ${mask:10.10.10.15/24}
> Has anyone encountered this before, or is this working as intended in
> the system filter?