Setting Trusted Relays and Internal Hosts
The following example shows how to set the
/* Set up two trusted relays */ PMX_HASH trusted_relays, internal_hosts; e->vtbl->create_hash(e, &trusted_relays, NULL, 0); trusted_relays->vtbl->set(trusted_relays, "126.96.36.199", "1", 1); trusted_relays->vtbl->set(trusted_relays, "188.8.131.52", "1", 1); trusted_relays->vtbl->save(trusted_relays); e->vtbl->add_attribute(e, "plugin.net.trusted-relays", PMX_TYPE_HASH, trusted_relays, 0, 1); /* Set up an internal host */ e->vtbl->create_hash(e, &internal_hosts, NULL, 0); internal_hosts->vtbl->set(internal_hosts, "184.108.40.206", "1", 1); internal_hosts->vtbl->save(internal_hosts); e->vtbl->add_attribute(e, "plugin.net.internal-hosts", PMX_TYPE_HASH, internal_hosts, 0, 1);
- Create a hash and add trusted relays to it.
- Set the
plugin.net.trusted-relaysattribute to skip over the relays specified in the
PMX_TYPE_HASHwhen working through the Received header chain to find the first external relay.NoteBy default, all external IP addresses found in a message's Received headers are checked against DNSBL lists. This behavior is backwards-compatible with previous releases, but it has a significant risk of false positives. This can be solved by maintaining a
Trusted Relayslist and setting the
plugin.net.trusted-relaysattribute should always be used unless your application will always be run on an edge server (never behind any relays). Also, if applicable, you should specify
plugin.net.internal-hoststo exempt internal hosts from network-based tests. You may also want to specify
- Create a hash specifying an internal host.
- Set the
plugin.net.internal-hostsattribute to exempt internal hosts from network-based tests.
© 2017 Sophos Limited. All rights reserved.