So far, I have a Perl script that pulls the originating IP from email
and another Perl script that uses the file created by it to serve that
information.
Question is, should I implement an IP whitelist and if so, how do I do
partial pattern matches? For example, 192.168. could represent
private class C subnets. Another fragment that would likely be used
is 127.0.0., which represents loopback addresses. I might want to add a
partial remote address for pdx.edu, 131 something. I need to check the
IPs that are listed for partial matches and remove matches from the
list. What I am envisioning: a spammer manages to forge an IP address I
have to accept email from, causing me to lose legitimate email. While
spam is not going to have an RFC1918 address in it, someone may put a
local message in their spam folder accidentally. If the timing is
right, that message ends up in the spam account and could end up being
processed. While this is only a problem if the IP server is probed by
an internal email server, having bad information in the IP server is
probably a bad idea.
All the server does is answer YES meaning that the IP is listed or NO
which means that it isn't listed. I don't know how to encrypt data
transmissions that are established using Net::EasyTCP, another issue.
Logically, it should say NO if asked about a local address or an address
that should never be listed.
What is the likelihood of a spammer forging, say, pdx.edu or the Google
address that hosts gmail? Is this a problem I need to solve or not?
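
One way to do the partial matching asked about above, as an added example that is not part of the original post: write each fragment as a CIDR block and drop every harvested address that falls inside one. The function names are hypothetical, the sample addresses are constructed, and 198.51.100.0/24 (a documentation range) stands in for the trusted remote network, since the post does not give the pdx.edu range.

```perl
#!/usr/bin/perl
# Added example: filter harvested IPs against a whitelist of CIDR blocks.
use strict;
use warnings;

# Dotted quad -> 32-bit integer; returns undef for anything that is not IPv4.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip
        && $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
    return if grep { $_ > 255 } $1, $2, $3, $4;
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# "a.b.c.d/len" -> [network, mask]. Dies on a malformed entry so a typo in
# the whitelist cannot silently disable it.
sub parse_cidr {
    my ($cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    my $base = ip_to_int($net);
    die "bad whitelist entry: $cidr\n"
        unless defined $base && defined $len && $len =~ /\A[0-9]+\z/ && $len <= 32;
    my $mask = $len == 0 ? 0 : (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
    return [ $base & $mask, $mask ];
}

# 192.168.0.0/16 and 127.0.0.0/24 correspond to the fragments "192.168." and
# "127.0.0." in the post; 198.51.100.0/24 is a placeholder for a trusted
# remote network (assumption, not a real pdx.edu range).
my @WHITELIST = map { parse_cidr($_) }
    qw(192.168.0.0/16 127.0.0.0/24 198.51.100.0/24);

# True if the address must never be listed: it is inside a whitelisted block,
# or it does not parse as IPv4 at all (junk should not reach the served file).
sub must_not_list {
    my ($ip) = @_;
    my $n = ip_to_int($ip);
    return 1 unless defined $n;
    return scalar grep { ($n & $_->[1]) == $_->[0] } @WHITELIST;
}

# Constructed sample of harvested addresses (not taken from the post).
my @harvested = qw(203.0.113.45 192.168.1.20 127.0.0.1 198.51.100.7
                   192.0.2.99 999.1.1.1);
my @listable = grep { !must_not_list($_) } @harvested;
print "$_\n" for @listable;
```

The same `must_not_list` check can run in the server before it answers, so a query about a whitelisted address gets NO even if that address did reach the file.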