diff --git a/README.md b/README.md
index 27b3527..d963785 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ The filter currently supports:
 - adding an `X-SenderScore` header with the score of the source IP address
 - adding an `X-Spam` header to hosts with reputation below a certain value
 - applying a time penalty proportional to the IP reputation
-- whitelisting IP addresses or subnets
+- allowlisting IP addresses or subnets
 ## Dependencies
@@ -59,4 +59,4 @@ listen on all filter "senderscore"
 `-scoreHeader` will add an X-SenderScore header with reputation value if known.
-`-whitelist ` can be used to specify a file containing a list of IP addresses and subnets in CIDR notation to whitelist, one per line. IP addresses matching any entry in that list automatically receive a score of 100.
+`-allowlist ` can be used to specify a file containing a list of IP addresses and subnets in CIDR notation to allowlist, one per line. IP addresses matching any entry in that list automatically receive a score of 100.
diff --git a/filter-senderscore.go b/filter-senderscore.go
index 84a8041..9f3a765 100644
--- a/filter-senderscore.go
+++ b/filter-senderscore.go
@@ -34,10 +34,10 @@ var blockPhase *string
 var junkBelow *int
 var slowFactor *int
 var scoreHeader *bool
-var whitelistFile *string
+var allowlistFile *string
 var testMode *bool
-var whitelist = make(map[string]bool)
-var whitelistMasks = make(map[int]bool)
+var allowlist = make(map[string]bool)
+var allowlistMasks = make(map[int]bool)
 var version string
@@ -95,12 +95,12 @@ func linkConnect(phase string, sessionId string, params []string) {
 fmt.Fprintf(os.Stderr, "link-connect addr=%s score=%d\n", addr, s.score)
 }(addr, s)
- for maskOnes := range whitelistMasks {
+ for maskOnes := range allowlistMasks {
 mask := net.CIDRMask(maskOnes, 32)
 maskedAddr := addr.Mask(mask).String()
 query := fmt.Sprintf("%s/%d", maskedAddr, maskOnes)
- if whitelist[query] {
- fmt.Fprintf(os.Stderr, "IP address %s matches whitelisted subnet %s\n", addr, query)
+ if allowlist[query] {
+ fmt.Fprintf(os.Stderr, "IP address %s matches allowlisted subnet %s\n", addr, query)
 s.score = 100
 return
 }
@@ -290,12 +290,12 @@ func validatePhase(phase string) {
 log.Fatalf("invalid block phase: %s", phase)
 }
-func loadWhitelists() {
- if *whitelistFile == "" {
+func loadAllowlists() {
+ if *allowlistFile == "" {
 return
 }
- file, err := os.Open(*whitelistFile)
+ file, err := os.Open(*allowlistFile)
 if err != nil {
 log.Fatal(err)
 }
@@ -320,13 +320,13 @@ func loadWhitelists() {
 }
 maskOnes, _ := subnet.Mask.Size()
- if !whitelistMasks[maskOnes] {
- whitelistMasks[maskOnes] = true
+ if !allowlistMasks[maskOnes] {
+ allowlistMasks[maskOnes] = true
 }
 subnetStr := subnet.String()
- if !whitelist[subnetStr] {
- whitelist[subnetStr] = true
- fmt.Fprintf(os.Stderr, "Subnet %s added to whitelist\n", subnetStr)
+ if !allowlist[subnetStr] {
+ allowlist[subnetStr] = true
+ fmt.Fprintf(os.Stderr, "Subnet %s added to allowlist\n", subnetStr)
 }
 }
 if err := scanner.Err(); err != nil {
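Review bot: The allowlist lookup in linkConnect builds every mask with `net.CIDRMask(maskOnes, 32)`, so it can only match IPv4 entries, yet loadAllowlists (hunk at -320) keeps `subnet.Mask.Size()` for whatever address family was parsed and logs the subnet as added. For a prefix longer than 32, `net.CIDRMask` returns nil and `addr.Mask(nil)` yields a nil IP, so the query string never equals a stored key. An IPv6 entry is therefore silently ignored, and the host it was meant to exempt still gets scored, junked or delayed. Assuming the entries are parsed with `net.ParseCIDR` (the parsing is outside these hunks), reject them at load time with `maskOnes, bits := subnet.Mask.Size()` followed by `if bits != 32 { log.Fatalf("allowlist entry %s is not an IPv4 subnet", subnet) }`, or keep the `*net.IPNet` values and match with `Contains`. Both function bodies continue outside the hunks.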
@@ -340,13 +340,13 @@ func main() {
 junkBelow = flag.Int("junkBelow", -1, "score below which session is junked")
 slowFactor = flag.Int("slowFactor", -1, "delay factor to apply to sessions")
 scoreHeader = flag.Bool("scoreHeader", false, "add X-SenderScore header")
- whitelistFile = flag.String("whitelist", "", "file containing a list of IP addresses or subnets in CIDR notation to whitelist, one per line")
+ allowlistFile = flag.String("allowlist", "", "file containing a list of IP addresses or subnets in CIDR notation to allowlist, one per line")
 testMode = flag.Bool("testMode", false, "skip all DNS queries, process all requests sequentially, only for debugging purposes")
 flag.Parse()
 validatePhase(*blockPhase)
- loadWhitelists()
+ loadAllowlists()
 scanner := bufio.NewScanner(os.Stdin)
 skipConfig(scanner)
diff --git a/test/4000-whitelist.sh b/test/4000-allowlist.sh
similarity index 87%
rename from test/4000-whitelist.sh
rename to test/4000-allowlist.sh
index f545fa1..63b272c 100755
--- a/test/4000-whitelist.sh
+++ b/test/4000-allowlist.sh
@@ -4,12 +4,12 @@
 test_init
-test_run 'test IP address whitelisting' '
- cat <<-EOD >whitelist &&
+test_run 'test IP address allowlisting' '
+ cat <<-EOD >allowlist &&
 1.1.1.1
 3.3.3.3
 EOD
- cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -whitelist whitelist | sed "0,/^register|ready/d" >actual &&
+ cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -allowlist allowlist | sed "0,/^register|ready/d" >actual &&
 config|ready
 report|0.5|0|smtp-in|link-connect|7641df9771b4ed00||pass|1.1.1.1:33174|1.1.1.1:25
 filter|0.5|0|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d||pass|1.1.1.1:33174|1.1.1.1:25
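Review bot: Renaming the flag in main from `-whitelist` to `-allowlist` without keeping the old name breaks existing deployments. The standard `flag` package rejects undefined flags, so a filter line that still passes `-whitelist FILE` makes `flag.Parse()` print usage and exit instead of starting the filter. Registering the old name as a deprecated alias right after the new definition keeps upgrades safe, for example `flag.StringVar(allowlistFile, "whitelist", "", "deprecated alias for -allowlist")`. If the break is intentional, the README should say so next to the `-allowlist` description. main's body continues outside the hunk.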
@@ -26,13 +26,13 @@ test_run 'test IP address whitelisting' '
 test_cmp actual expected
 '
-test_run 'test subnet whitelisting' '
- cat <<-EOD >whitelist &&
+test_run 'test subnet allowlisting' '
+ cat <<-EOD >allowlist &&
 1.1.0.0/16
 1.2.3.0/24
 2.0.0.0/8
 EOD
- cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -whitelist whitelist | sed "0,/^register|ready/d" >actual &&
+ cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -allowlist allowlist | sed "0,/^register|ready/d" >actual &&
 config|ready
 report|0.5|0|smtp-in|link-connect|7641df9771b4ed00||pass|1.1.1.1:33174|1.1.1.1:25
 filter|0.5|0|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d||pass|1.1.1.1:33174|1.1.1.1:25
diff --git a/test/Makefile b/test/Makefile
index 35e38bf..927602b 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -3,7 +3,7 @@ check:
 @./1000-block.sh 2>/dev/null
 @./2000-junk.sh 2>/dev/null
 @./3000-headers.sh 2>/dev/null
- @./4000-whitelist.sh 2>/dev/null
+ @./4000-allowlist.sh 2>/dev/null
 @./9000-legacy.sh 2>/dev/null
 .PHONY: check