[clue] [tech] arpwatch patch to exclude DHCP range of IP addresses

Michael J. Hammel mjhammel at graphics-muse.org
Mon Mar 4 10:58:21 MST 2013


On Mon, 2013-03-04 at 10:26 -0700, Jim Ockers wrote:
>       * Configure the mail-sending program, or the mail-receiving
>         program, to filter out messages from arpwatch that match one
>         of these IP addresses.  This is great, I would only have to
>         manually code 150 mail filters, one for each IP.

I recently had to work on a project that required doing some specialized
filtering of mail.  I found the Apache James server quite handy for
this, if you know Java.  You can set up your servers to route to a local
copy of the James server.  You write a plugin to the James server to do
the filtering.  Anything that passes the filter gets forwarded out as
normal mail to the upstream mail handler you used to point all the
servers to.

The plugins are pretty easy to write and you can have them query a db or
text file for the range of IPs to check.  In your case your plugin would
probably be less than 100 lines.  That way you write the filter once and
just update the db or config file when the range changes.  One filter to
rule them all.

I actually don't know that much about mail servers, but for mail
preprocessing within a data center the James server is kinda handy due
to its pluggable architecture.

-- 
Michael J. Hammel <mjhammel at graphics-muse.org>
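
The filtering decision described in the message above, as an added example that is not part of the original post or of Apache James: plain Java that a James plugin could call, dropping the mail when it returns true. The class name, the "first-last" config format and the "ip address:" report line it matches are assumptions made for this sketch.

```java
import java.util.*;
import java.util.regex.*;

public class ArpwatchRangeFilter {
    // "ip address:" line of an arpwatch report body (format assumed here).
    private static final Pattern IP_LINE =
        Pattern.compile("(?m)^\\s*ip address:\\s*(\\d{1,3}(?:\\.\\d{1,3}){3})\\s*$");
    private final List<long[]> ranges = new ArrayList<>();
    // Config text: one "first-last" IPv4 range per line; '#' starts a comment.
    public ArpwatchRangeFilter(String config) {
        for (String line : config.split("\\R")) {
            String s = line.replaceFirst("#.*", "").trim();
            if (s.isEmpty()) continue;
            String[] ends = s.split("-", -1);
            if (ends.length != 2) throw new IllegalArgumentException("bad range: " + s);
            long lo = toLong(ends[0].trim()), hi = toLong(ends[1].trim());
            if (lo > hi) throw new IllegalArgumentException("reversed range: " + s);
            ranges.add(new long[] {lo, hi});
        }
    }
    // Dotted quad to a 32-bit value held in a long, so ranges compare numerically.
    static long toLong(String ip) {
        String[] parts = ip.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("bad IPv4: " + ip);
        long v = 0;
        for (String p : parts) {
            int octet = Integer.parseInt(p); // NumberFormatException is an IllegalArgumentException
            if (octet < 0 || octet > 255) throw new IllegalArgumentException("bad IPv4: " + ip);
            v = (v << 8) | octet;
        }
        return v;
    }

    // True only when the report names an address inside a configured range.
    // Unparseable reports are delivered, so a format change never hides alerts.
    public boolean shouldSuppress(String body) {
        Matcher m = IP_LINE.matcher(body);
        if (!m.find()) return false;
        long ip;
        try { ip = toLong(m.group(1)); } catch (IllegalArgumentException e) { return false; }
        for (long[] r : ranges) if (ip >= r[0] && ip <= r[1]) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed pool and report body, for illustration only.
        ArpwatchRangeFilter f = new ArpwatchRangeFilter("# DHCP pool\n192.168.1.100-192.168.1.249\n");
        String report = "            hostname: <unknown>\n          ip address: 192.168.1.%d\n";
        System.out.println(f.shouldSuppress(String.format(report, 150)) + " " + f.shouldSuppress(String.format(report, 10)));
    }
}
```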


