Re: [exim] CIDR mask matching behavior

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Brent Jones
CC: Exim Mailing List
Subject: Re: [exim] CIDR mask matching behavior
On 2010-09-14 at 19:42 -0700, Brent Jones wrote:
> I noticed some unexpected behavior in Exim when doing send IP address
> checks in the SMTP ACL, and later on in the system filter.
> In ACL's, you can specify CIDR masks on a non-network address.
>
> IE you can have 10.10.10.15/24, which is valid as 10.10.10.15 would


This is the specification of a netblock which uses a masklen; the lower
bits don't matter and can be ignored.

> fit inside a /24 under 10.10.10.0
> However, in a system filter doing something like this:
>
> ${mask:$sender_host_address/24} is 10.10.10.15/24


The ${mask:...} expansion operator is explicitly defined to mask out the
address so that you can do a literal comparison and ignore the lower
bits.

${mask:$sender_host_address/24} is ${mask:10.10.10.15/24}

> Has anyone encountered this before, or is this working as intended in
> the system filter?


As intended.
-Phil