joea at j4computers
May 17, 2012, 3:03 PM
>>> On 5/17/2012 at 9:55 AM, John Hardin <jhardin [at] impsec> wrote:
***Possible SPAM*** Re: regex needed for http link
> On Wed, 16 May 2012, Joseph Acquisto wrote:
>>>>> On 5/16/2012 at 8:53 PM, "Joseph Acquisto" <joea [at] j4computers> wrote:
>>>>>> On 5/16/2012 at 5:18 PM, Brent Gardner <bgardnermailinglists [at] gmail> wrote:
>>>> How about:
>>> I will give that a try.
>> That worked. But I imagine it may trigger on innocuous instances of .ru as
> well, so it should also include check for http:// and wildcard for domain.
> What were you doing that _didn't_ detect that? The "proper" way is this:
> uri URI_DOT_RU /\.ru\b/i
> ...and let the body parser figure out the "link" context.
> Is there some reason that won't work?
> Could you post the rule you were originally using?
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
I attempted to adapt something from a similar regex provided by a vendor
of a commercial product. It was to detect country codes we do not want
to accept mail from. No doubt my ignorance of SA and regex in general
will be on display for the amusement of many.
rawbody URI_RU m,^https?://[^.\.][ru]/,i