diff options
Diffstat (limited to 'contrib')
| -rwxr-xr-x | contrib/cidrexpand | 149 | ||||
| -rw-r--r-- | contrib/dnsblaccess.m4 | 4 | ||||
| -rwxr-xr-x | contrib/expn.pl | 2 | ||||
| -rw-r--r-- | contrib/mmuegel | 28 |
4 files changed, 113 insertions, 70 deletions
diff --git a/contrib/cidrexpand b/contrib/cidrexpand index efa5323a010c7..ee24ee865275b 100755 --- a/contrib/cidrexpand +++ b/contrib/cidrexpand @@ -1,13 +1,14 @@ #!/usr/bin/perl -w - -# $Id: cidrexpand,v 8.8 2006-08-07 17:18:37 ca Exp $ +# +# usage: +# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access # # v 0.4 # # 17 July 2000 Derek J. Balling (dredd@megacity.org) -# +# # Acts as a preparser on /etc/mail/access_db to allow you to use address/bit -# notation. +# notation. # # If you have two overlapping CIDR blocks with conflicting actions # e.g. 10.2.3.128/25 REJECT and 10.2.3.143 ACCEPT @@ -25,114 +26,156 @@ # Added code to deal with the prefix tags that may now be included in # the access_db # -# Added clarification in the notes for what to do if you have +# Added clarification in the notes for what to do if you have # exceptions to a larger CIDR block. # -# 26 Jul 2006 Richard Rognlie (richard@sendmail.com> +# 26 Jul 2006 Richard Rognlie (richard@sendmail.com) # Added code to strip "comments" (anything after a non-escaped #) # # characters after a \ or within quotes (single and double) are -# left intact. +# left intact. # # e.g. # From:1.2.3.4 550 Die spammer # spammed us 2006.07.26 # becomes -# From:1.2.3.4 550 Die spammer +# From:1.2.3.4 550 Die spammer # # 3 August 2006 -# # Corrected a bug to have it handle the special case of "0.0.0.0/0" # since Net::CIDR doesn't handle it properly. # -# usage: -# cidrexpand < /etc/mail/access | makemap -r hash /etc/mail/access +# 27 April 2016 +# Corrected IPv6 handling. Note that UseCompressedIPv6Addresses must +# be turned off for this to work; there are three reasons for this: +# 1) if the MTA uses compressed IPv6 addresses then CIDR 'cuts' +# in the compressed range *cannot* be matched, as the MTA simply +# won't look for them. E.g., there's no way to accurately +# match "IPv6:fe80::/64" when for the address "IPv6:fe80::54ad" +# the MTA doesn't lookup up "IPv6:fe80:0:0:0" +# 2) cidrexpand only generates uncompressed addresses, so CIDR +# 'cuts' to the right of the compressed range won't be matched +# either. Why doesn't it generate compressed address output? +# Oh, because: +# 3) compressed addresses are ambiguous when colon-groups are +# chopped off! You want an access map entry for +# IPv6:fe80::0:5420 +# but not for +# IPv6:fe80::5420:1234 +# ? Sorry, the former is really +# IPv6:fe80::5420 +# which will also match the latter! # +# 25 July 2016 +# Since cidrexpand already requires UseCompressedIPv6Addresses to be +# turned off, it can also canonicalize non-CIDR IPv6 addresses to the +# format that sendmail looks up, expanding compressed addresses and +# trimming superfluous leading zeros. # # Report bugs to: <dredd@megacity.org> # use strict; -use Net::CIDR; +use Net::CIDR qw(cidr2octets cidrvalidate); use Getopt::Std; -our ($opt_c,$opt_t); -getopts('ct:'); +sub print_expanded_v4network; +sub print_expanded_v6network; -my $spaceregex = '\s+'; -if ($opt_t) -{ - $spaceregex = $opt_t; -} +our %opts; +getopts('ct:', \%opts); + +# Delimiter between the key and value +my $space_re = exists $opts{t} ? $opts{t} : '\s+'; + +# Regexp that matches IPv4 address literals +my $ipv4_re = qr"(?:\d+\.){3}\d+"; + +# Regexp that matches IPv6 address literals, plus a lot more. +# Further checks are required for verifying that it's really one +my $ipv6_re = qr"[0-9A-Fa-f:]{2,39}(?:\.\d+\.\d+\.\d+)?"; while (<>) { chomp; - my ($prefix,$left,$right,$space); + my ($prefix, $network, $len, $right); - if ( (/\#/) && $opt_c ) + if ( (/\#/) && $opts{c} ) { # print "checking...\n"; my $i; my $qtype=''; - for ($i=0 ; $i<length($_) ; $i++) + for ($i=0 ; $i<length($_) ; $i++) { my $ch = substr($_,$i,1); - if ($ch eq '\\') + if ($ch eq '\\') { $i++; next; } - elsif ($qtype eq '' && $ch eq '#') + elsif ($qtype eq '' && $ch eq '#') { substr($_,$i) = ''; last; } - elsif ($qtype ne '' && $ch eq $qtype) + elsif ($qtype ne '' && $ch eq $qtype) { $qtype = ''; } - elsif ($qtype eq '' && $ch =~ /[\'\"]/) + elsif ($qtype eq '' && $ch =~ /[\'\"]/) { $qtype = $ch; } } - } - - if (! /^(|\S\S*:)(\d+\.){3}\d+\/\d\d?$spaceregex.*/ ) + } + + if (($prefix, $network, $len, $right) = + m!^(|\S+:)(${ipv4_re})/(\d+)(${space_re}.*)$!) { - print "$_\n"; + print_expanded_v4network($network, $len, $prefix, $right); + } + elsif ((($prefix, $network, $len, $right) = + m!^((?:\S+:)?[Ii][Pp][Vv]6:)(${ipv6_re})(?:/(\d+))?(${space_re}.*)$!) && + (!defined($len) || $len <= 128) && + defined(cidrvalidate($network))) + { + print_expanded_v6network($network, $len // 128, $prefix, $right); } else { - ($prefix,$left,$space,$right) = - /^(|\S\S*:)((?:\d+\.){3}\d+\/\d\d?)($spaceregex)(.*)$/; - - my @new_lefts = expand_network($left); - foreach my $nl (@new_lefts) - { - print "$prefix$nl$space$right\n"; - } + print "$_\n"; } } - -sub expand_network + +sub print_expanded_v4network { - my $left_input = shift; - my @rc = ($left_input); - my ($network,$mask) = split /\//, $left_input; - if (defined $mask) + my ($network, $len, $prefix, $suffix) = @_; + + # cidr2octets() doesn't handle a prefix-length of zero, so do + # that ourselves + foreach my $nl ($len == 0 ? (0..255) : cidr2octets("$network/$len")) { - return (0..255) if $mask == 0; + print "$prefix$nl$suffix\n"; + } +} + +sub print_expanded_v6network +{ + my ($network, $len, $prefix, $suffix) = @_; - my @parts = split /\./, $network; - while ($#parts < 3) + # cidr2octets() doesn't handle a prefix-length of zero, so do + # that ourselves. Easiest is to just recurse on bottom and top + # halves with a length of 1 + if ($len == 0) { + print_expanded_v6network("::", 1, $prefix, $suffix); + print_expanded_v6network("8000::", 1, $prefix, $suffix); + } + else + { + foreach my $nl (cidr2octets("$network/$len")) { - push @parts, "0"; + # trim leading zeros from each group + $nl =~ s/(^|:)0+(?=[^:])/$1/g; + print "$prefix$nl$suffix\n"; } - my $clean_input = join '.', @parts; - $clean_input .= "/$mask"; - my @octets = Net::CIDR::cidr2octets($clean_input); - @rc = @octets; } - return @rc; } diff --git a/contrib/dnsblaccess.m4 b/contrib/dnsblaccess.m4 index da8e13a0a6a7b..0075dba92fe89 100644 --- a/contrib/dnsblaccess.m4 +++ b/contrib/dnsblaccess.m4 @@ -24,7 +24,7 @@ dnl ## email. A tempfail-message value of `t' temporarily rejects dnl ## with a default message. Otherwise the value should be your dnl ## own message. The keytag is used to lookup the access map to dnl ## further refine the result. I recommend a qualified keytag -dnl ## (containing a ".") as less likely to accidently conflict with +dnl ## (containing a ".") as less likely to accidentally conflict with dnl ## other access tags. dnl ## dnl ## This is best illustrated with an example. Please do not use @@ -66,7 +66,7 @@ ifdef(`_ACCESS_TABLE_', `dnl', ifdef(`_EDNSBL_R_',`dnl',`dnl define(`_EDNSBL_R_', `1')dnl ## prevent multiple redefines of the map. LOCAL_CONFIG -# map for enhanced DNS based blacklist lookups +# map for enhanced DNS based blocklist lookups Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5') ') divert(-1) diff --git a/contrib/expn.pl b/contrib/expn.pl index 85de08a7f419a..3173912386859 100755 --- a/contrib/expn.pl +++ b/contrib/expn.pl @@ -945,7 +945,7 @@ sub mxredirect return undef; } # follow mx records, return a hostname -# also follow temporary redirections comming from &domainify and +# also follow temporary redirections coming from &domainify and # &mxlookup sub mx { diff --git a/contrib/mmuegel b/contrib/mmuegel index 6db4a45189c10..e1610efa86061 100644 --- a/contrib/mmuegel +++ b/contrib/mmuegel @@ -268,7 +268,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'libs/date.pl' && ;# Fixed a couple of problems with &ls as pointed out by ;# Thomas Richter (richter@ki1.chemie.fu-berlin.de), thanks Thomas! ;# Also added a couple of SunOS 4.1.1 strftime-ish formats, %i and %k -;# for space padded hours (` 1' to `12' and ` 0' to `23' respectivly), +;# for space padded hours (` 1' to `12' and ` 0' to `23' respectively), ;# and %C for locale long date/time format. Changed &mH to take a ;# pad char parameter to make to evaled code for %i and %k simpler. ;# Added %E for suffixed day-of-month (ie 1st, 3rd, 4th etc). @@ -398,7 +398,7 @@ X X # watch out in 2070... X $year += ($year < 70) ? 2000 : 1900; X -X # now loop throught the supplied format looking for tags... +X # now loop through the supplied format looking for tags... X while (($pos = index ($format, '%')) != -1) { X X # grab the format tag @@ -471,7 +471,7 @@ sub ls { X return ((&gettime ($TZ, time))[5] == @_[0]) ? "%R" : " %Y"; } X -# pad - pad $in with leading $pad until lenght $len +# pad - pad $in with leading $pad until length $len sub pad { X local ($in, $len, $pad) = @_; X local ($out) = "$in"; @@ -661,7 +661,7 @@ X ;# otherwise, $Status will be 0 and $Error_Msg will contain an error message. ;# ;# If $Use_Sendmail is 1 then sendmail is used to send the message. Normally -;# a mailer such as Mail is used. By specifiying this you can include +;# a mailer such as Mail is used. By specifying this you can include ;# headers in addition to text in either $Message or $Message_Is_File. ;# If either $Message or $Message_Is_File contain a Subject: header then ;# $Subject is ignored; otherwise, a Subject: header is automatically created. @@ -1026,15 +1026,15 @@ X ;# ;# Does not care about order of switches, options, and arguments like ;# getopts.pl. Thus all non-switches/options will be kept in ARGV even if they -;# are not at the end. If $Pass_Invalid is set all unkown options will be +;# are not at the end. If $Pass_Invalid is set all unknown options will be ;# passed back to the caller by keeping them in @ARGV. This is useful when ;# parsing a command line for your script while ignoring options that you ;# may pass to another script. If this is set New_Getopts tries to maintain -;# the switch clustering on the unkown switches. +;# the switch clustering on the unknown switches. ;# ;# Accepts the special argument -usage to print the Usage string. Also accepts ;# the special option -version which prints the contents of the string -;# $VERSION. $VERSION may or may not have an embeded \n in it. If -usage +;# $VERSION. $VERSION may or may not have an embedded \n in it. If -usage ;# or -version are specified a status of -1 is returned. Note that the usage ;# option is only accepted if the usage string is not null. ;# @@ -1048,8 +1048,8 @@ X ;# $Switch_To_Order {"v"} = 1; ;# $Switch_To_Order {"x"} = 2; ;# -;# Note that in the case of multiple occurances of an option $Switch_To_Order -;# will store each occurance of the argument via a string that emulates +;# Note that in the case of multiple occurrences of an option $Switch_To_Order +;# will store each occurrence of the argument via a string that emulates ;# an array. This is done by using join ($;, ...). You can retrieve the ;# array by using split (/$;/, ...). ;# @@ -1062,7 +1062,7 @@ X ;# Another exciting ;-) feature that newgetopts has. Along with creating the ;# normal $opt_ scalars for the last value of an argument the list @opt_ is ;# created. It is an array which contains all the values of arguments to the -;# basename of the variable. They are stored in the order which they occured +;# basename of the variable. They are stored in the order which they occurred ;# on the command line starting with $[. Note that blank arguments are stored ;# as "". Along with providing support for multiple options on the command ;# line this also provides a method of counting the number of times an option @@ -1293,8 +1293,8 @@ X ;# All other lines will be indented to match the amount of whitespace of ;# $Offset. ;# -;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the begining -;# of lines as they occured in the original $String. Lines that are created +;# + If $Bullet_Indent is $TRUE $Offset will only be applied to the beginning +;# of lines as they occurred in the original $String. Lines that are created ;# by this routine will always be indented by blank spaces. ;# ;# + If $Columns is 0 no word-wrap is done. This might be useful to still @@ -1306,7 +1306,7 @@ X ;# + If $Offset_Blank is $TRUE then empty lines will have $Offset pre-pended ;# to them. Otherwise, they will still empty. ;# -;# This is a realy workhorse routine that I use in many places because of its +;# This is a really workhorse routine that I use in many places because of its ;# veratility. ;# ;# Arguments: @@ -1668,7 +1668,7 @@ sed 's/^X//' << 'SHAR_EOF' > 'man/postclip.1' && of the message. This keeps bounced mail private and helps to avoid disk space problems. \*(mp tries its best to keep as much of the header trail as possible. Hopefully only the original body of the message will be filtered. Only messages that have a subject that begins with 'Returned mail:' are filtered. This -ensures that other mail is not accidently mucked with. Finally, note that +ensures that other mail is not accidentally mucked with. Finally, note that \fBsendmail\fR is used to deliver the message after it has been (possibly) filtered. All of the original headers will remain intact. .sp 1 |