Re: [exim] CIDR mask matching behavior

Top Page
Delete this message
Reply to this message
Author: Brent Jones
Date:  
To: exim-users, Brent Jones
Subject: Re: [exim] CIDR mask matching behavior
On Tue, Sep 14, 2010 at 8:03 PM, Phil Pennock <exim-users@???> wrote:
> On 2010-09-14 at 19:42 -0700, Brent Jones wrote:
>> I noticed some unexpected behavior in Exim when doing send IP address
>> checks in the SMTP ACL, and later on in the system filter.
>> In ACL's, you can specify CIDR masks on a non-network address.
>>
>> IE you can have 10.10.10.15/24, which is valid as 10.10.10.15 would
>
> This is the specification of a netblock which uses a masklen; the lower
> bits don't matter and can be ignored.
>
>> fit inside a /24 under 10.10.10.0
>> However, in a system filter doing something like this:
>>
>> ${mask:$sender_host_address/24} is 10.10.10.15/24
>
> The ${mask:...} expansion operator is explicitly defined to mask out the
> address so that you can do a literal comparison and ignore the lower
> bits.
>
> ${mask:$sender_host_address/24} is ${mask:10.10.10.15/24}
>
>> Has anyone encountered this before, or is this working as intended in
>> the system filter?
>
> As intended.
> -Phil
>


As usual, I was using a function incorrectly :)

Thank you for the clarification!

--
Brent Jones
brent@???