Setting Trusted Relays and Internal Hosts

The following example shows how to set the plugin.net.trusted-relays and plugin.net.internal-hosts attributes.


   /* Set up two trusted relays */
   PMX_HASH trusted_relays, internal_hosts;

   e->vtbl->create_hash(e, &trusted_relays, NULL, 0);
   trusted_relays->vtbl->set(trusted_relays, "213.31.172.15", "1", 1);
   trusted_relays->vtbl->set(trusted_relays, "213.31.172.14", "1", 1);
   trusted_relays->vtbl->save(trusted_relays);

   e->vtbl->add_attribute(e, "plugin.net.trusted-relays", PMX_TYPE_HASH,
                          trusted_relays, 0, 1);

   /* Set up an internal host */
   e->vtbl->create_hash(e, &internal_hosts, NULL, 0);
   internal_hosts->vtbl->set(internal_hosts, "74.202.89.140", "1", 1);
   internal_hosts->vtbl->save(internal_hosts);

   e->vtbl->add_attribute(e, "plugin.net.internal-hosts", PMX_TYPE_HASH,
                          internal_hosts, 0, 1);

Description:

  • Create a hash and add trusted relays to it.
  • Set the plugin.net.trusted-relays attribute to skip over the relays specified in the PMX_TYPE_HASH when working through the Received header chain to find the first external relay.
    Note
    By default, all external IP addresses found in a message's Received headers are checked against DNSBL lists. This behavior is backwards-compatible with previous releases, but it carries a significant risk of false positives. To avoid this, maintain a Trusted Relays list and set the plugin.net.trusted-relays attribute. Always use plugin.net.trusted-relays unless your application will always run on an edge server (never behind any relays). Also, if applicable, specify plugin.net.internal-hosts to exempt internal hosts from network-based tests. You may also want to specify plugin.net.dns-servers.
  • Create a hash specifying an internal host.
  • Set the plugin.net.internal-hosts attribute to exempt internal hosts from network-based tests.
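
The Received-chain walk described in the list above, sketched as an added example (not code from the SDK, and not the engine's implementation). The function names, the bracketed-address parsing and the sample headers are assumptions made for illustration; only the two trusted relay addresses come from the page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, newest header first. The trusted relay addresses are
 * the page's; other addresses and all host names are documentation values. */
static const char *const SAMPLE_RECEIVED[] = {
    "from relay-a.example.net (relay-a.example.net [213.31.172.15]) by mx.example.net",
    "from relay-b.example.net (relay-b.example.net [213.31.172.14]) by relay-a.example.net",
    "from mail.example.org (mail.example.org [198.51.100.7]) by relay-b.example.net",
    "from client.example.org (client.example.org [203.0.113.99]) by mail.example.org",
};
static const char *const TRUSTED[] = { "213.31.172.15", "213.31.172.14" };

/* Copy the bracketed address of one Received header into out; 0 if none. */
static int received_ip(const char *hdr, char *out, size_t outlen) {
    const char *lb = strchr(hdr, '[');
    const char *rb = lb ? strchr(lb, ']') : NULL;
    size_t n = rb ? (size_t)(rb - lb - 1) : 0;
    if (n == 0 || n >= outlen) return 0;
    memcpy(out, lb + 1, n);
    out[n] = '\0';
    return 1;
}

/* Return the index of the first header whose address is not a trusted relay
 * and copy that address into ip; return -1 if every recorded hop is trusted. */
int first_external_relay(const char *const *hdrs, size_t nhdrs,
        const char *const *trusted, size_t ntrusted, char *ip, size_t iplen) {
    size_t i, t;
    for (i = 0; i < nhdrs; i++) {
        if (!received_ip(hdrs[i], ip, iplen)) continue; /* no address: skip (assumption) */
        for (t = 0; t < ntrusted && strcmp(ip, trusted[t]) != 0; t++)
            ;                                           /* scan the trusted list */
        if (t == ntrusted) return (int)i;               /* first hop not on the list */
    }
    ip[0] = '\0';
    return -1;
}

int main(void) {
    char ip[64];
    int idx = first_external_relay(SAMPLE_RECEIVED, 4, TRUSTED, 2, ip, sizeof ip);
    printf("first external relay: header %d, address %s\n", idx, ip);
    return 0;
}
```

With an empty trusted list the same call returns header 0, which in this sample is the address of your own relay.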