> On 2026/01/13 3:18 PM, Chris Siebenmann via Exim-users wrote:
> > Currently, the documentation says this about negated bitwise-and
> > conditions:
> >
> > Negation can also be used with a bitwise-and restriction. The
> > dnslists condition with only be trus if a result is returned by
> > the lookup which, anded with the restriction, is all zeroes. For
> > example:
>
> > As I read it, the documentation appears to be saying that a '!&'
> > bitwise-and works as:
> > (ip & bitmask) == 0
>
> If I'm reading right, you're thinking that "the restriction" in the docs text
> is identical to the supplied bitmask.
>
> I think it instead means "the bitmask as adjusted by the negation".
>
> We could write something like
> "anded with the inverted bitmask"
>
> or even
> "The dnslists condition will only be true if, after clearing the bits in the
> result indicated by the mask, the result is all zeroes."
>
> Would you find that more clear?
> Happy to hear comments from anyone else, too.
The problem is that inverting the bitmask is not correct either, either
by the code or (I believe) by bitwise logic. Consider a DNSBL result of
127.255.255.10 and a '!&0.255.255.0' condition. If you invert
0.255.255.0 you get 255.0.0.255, and then if you bitwise-and this with
127.255.255.10 you get the non-zero result 127.0.0.10, which is not
all-zeros, which should apparently be accepted by this when we want it
to be rejected (and it is rejected by Exim today).
I can't come up with any non-contorted '(ip & <something>) == 0'
condition that works correctly here, and (as mentioned) it's not what
the Exim code itself is doing.
- cks
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at https://www.exim.org/
## Please use the Wiki with this list - https://code.exim.org/exim/wiki/wiki
