--- bin/greylist.orig 2009-01-31 12:32:25.000000000 +0900
+++ bin/greylist 2009-02-05 21:46:00.000000000 +0900
@@ -80,6 +80,12 @@
 # location for s25r file of hostname
 my ${hostnames25rlist}="/var/qmail/s25rlist_hostname";
+# location for blacklist file of cidr
+my ${cidrblacklist} = "/var/qmail/blacklist_cidr";
+
+# location for whitelist file of cidr
+my ${cidrwhitelist} = "/var/qmail/whitelist_cidr";
+
 # A list of a host refusing to be host name sent with an HELO command.
 # For example, own host name or an own IP address.
 # example @badhelohost = ('hoge.com','hogehoge.net')
@@ -301,6 +307,30 @@
 return @list;
 }
+sub load_cidrfile {
+ my ( ${cidrfile} ) = @_ ;
+ my @list;
+ if (open my $fh, '<' . ${cidrfile} ) {
+ while (<$fh>) {
+ chomp;
+ s/#.*//;
+ s/^\s+//;
+ s/\s+$//;
+ next if !$_;
+ if (/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\/(\d{1,2})$/) {
+ push @list, +{ 'addr' => $1, 'mask' => $2 };
+ }
+ else {
+ syslog "debug","cidr syntax error at ${cidrfile} line $. \n";
+ }
+ }
+ }
+ else {
+ syslog "debug", "Failed to open file : ${cidrfile}";
+ }
+ return @list;
+}
+
 # add
 sub check_hostname {
 my ( ${listfile},${remotehostname} ) = @_;
@@ -316,6 +346,21 @@
 return ;
 }
+sub check_cidr {
+ my ( ${listfile},${remoteip} ) = @_;
+
+ my @list = load_cidrfile(${listfile});
+
+ for (@list) {
+ my $mask = 0xFFFFFFFF << (32 - $_->{'mask'});
+ my $baddr = unpack('N', pack('C4', split(/\./, $_->{'addr'})));
+ my $caddr = unpack('N', pack('C4', split(/\./, $remoteip)));
+ return $remoteip if (($baddr ^ $caddr & $mask) == 0);
+ }
+
+ return ;
+}
+
 # option 1: return a 450 error immediately
 #sub smtp_temp_fail
 #{
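Review bot: `open my $fh, '<' . ${cidrfile}` in load_cidrfile is the two-argument form — mode and path are concatenated into one string that Perl then parses for mode characters (surrounding whitespace is stripped, a trailing `|` turns the path into a command pipe); use the three-argument form, `if (open my $fh, '<', ${cidrfile}) {`, and log the open failure above `debug`, since a missing or unreadable blacklist file currently makes every check pass silently. The accepting regex also admits octets above 255 and masks above 32 (`\d{1,3}` / `\d{1,2}`): `pack('C4', ...)` in check_cidr silently truncates an octet like 300, and a mask above 32 produces a meaningless shift, so tighten the test to `if (/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\/(\d{1,2})$/ && $2 <= 32 && !grep { $_ > 255 } split /\./, $1) {` so such entries land in the existing syntax-error branch. load_cidrfile is entirely inside the hunk; the preceding sub's closing brace and the start of check_hostname are context only.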
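Review bot: The match test `($baddr ^ $caddr & $mask) == 0` in check_cidr is mis-parenthesized: in Perl `&` binds tighter than `^`, so only the client address is masked and the list entry's host bits survive the XOR — an entry written as `192.0.2.5/24` (constructed example) never matches any client, which on the blacklist path means a non-normalized entry fails open. Parenthesize the XOR before masking, keep the mask within 32 bits so the result is the same on 32- and 64-bit perls, and treat `/0` explicitly (`0xFFFFFFFF << 32` is not a portable all-zero mask); `$caddr` does not depend on the entry and can be computed once before the loop. Where `$remoteip` comes from is outside the hunk, and `pack('C4', split(/\./, ...))` assumes a dotted quad, so a value in any other shape (an IPv6 literal, say) should be rejected before the loop rather than silently packed. check_cidr is entirely inside the hunk.
```perl
    my $caddr = unpack('N', pack('C4', split(/\./, $remoteip)));
    for (@list) {
        # /0 matches everything; otherwise keep the mask to 32 bits regardless of IV width
        my $mask = $_->{'mask'} == 0 ? 0 : (0xFFFFFFFF << (32 - $_->{'mask'})) & 0xFFFFFFFF;
        my $baddr = unpack('N', pack('C4', split(/\./, $_->{'addr'})));
        return $remoteip if ((($baddr ^ $caddr) & $mask) == 0);
    }
```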
@@ -546,6 +591,12 @@
 run_next_stage;
 }
+# add -- OK - whitelisted IPs
+if ( check_cidr ${cidrwhitelist}, $remoteip ) {
+ syslog "debug", "IP %s whitelisted as cidr syntax", $remoteip if $verbose;
+ run_next_stage;
+}
+
 # add -- OK - whitelisted hostname
 if ( check_hostname ${hostnamewhitelist},${remotehostip} ) {
 syslog "debug", "HOST %s whitelisted ", ${remotehostip} if $verbose;
@@ -572,6 +623,12 @@
 { $checkfile = $base."/".$remoteip;}
+# add -- NG - blacklisted IPs
+if ( check_cidr ${cidrblacklist}, $remoteip ) {
+ syslog "info", "IP %s NG - blacklisted as cidr syntax", $remoteip if $verbose;
+ stmp_deny_fail;
+}
+
 # add -- Continue - s25r list
 if ( defined $ENV{TCPREMOTEHOST} ) {
 if ( ! check_hostname ${hostnames25rlist},$ENV{TCPREMOTEHOST} ) {
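Review bot: `stmp_deny_fail;` in the deny branch is a bare statement whose definition is outside the hunk, and its spelling differs from the `smtp_` prefix seen on `#sub smtp_temp_fail` in the earlier hunk's context; if no sub of exactly this name is declared before this point, under `use strict` it is a compile-time bareword error, and without strict the statement is a no-op and a blacklisted connection falls through to the remaining checks (fail-open). Calling it with parentheses, `stmp_deny_fail();`, makes a missing sub die at runtime instead of passing silently, and is worth doing even if the name is correct. The deny is also logged only `if $verbose`; a blocking decision is worth recording unconditionally, `syslog "info", "IP %s NG - blacklisted as cidr syntax", $remoteip;`, so the reason a sender was refused is always in the log.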