Mailing List Archive: SpamAssassin: users

Regex Question

1 2

View All

Index | Next | Previous | View Threaded

nigel at blue-canoe

Mar 3, 2007, 9:28 AM

Post #1 of 28 (1364 views)
Permalink

Regex Question

Hi All,

I've recently invested in some books and software to help me figure
out what I *thought* I already knew pretty well (regex). As was
pointed out by a kind list member, there are various 'flavours' of
regex. Can anyone tell me which particular flavour I'm best
concentrating on for SA rules?

TIA

Nigel

matthias at leisi

Mar 3, 2007, 10:53 AM

Post #2 of 28 (1332 views)
Permalink

Re: Regex Question [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nigel Frankcom wrote:

> pointed out by a kind list member, there are various 'flavours' of
> regex. Can anyone tell me which particular flavour I'm best
> concentrating on for SA rules?

man perlre

- -- Matthias

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFF6cQjxbHw2nyi/okRAo6AAJ0TPjQ6oP0Nnlpf2VdmJRzhaMThmwCfQ714
CZIYR0/Zv453TzmjFcQKlNI=
=SA1a
-----END PGP SIGNATURE-----

Ralf.Hildebrandt at charite

Nov 10, 2009, 5:32 AM

Post #3 of 28 (1304 views)
Permalink

Re: Regex Question [In reply to]

* rahlquist [at] gmail <rahlquist [at] gmail>:
> Ok regex is not my strong suit by any means. Trying to get a match for email
> addresses that start with a pipe character ( about 15% of my spam is this ).

That's not needed. Why are you accepting mail to NON-EXISTING
recipients at all?

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt [at] charite | http://www.charite.de

jhardin at impsec

Nov 10, 2009, 6:09 AM

Post #4 of 28 (1304 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 10 Nov 2009, Ralf Hildebrandt wrote:

> * rahlquist [at] gmail <rahlquist [at] gmail>:
>> Ok regex is not my strong suit by any means. Trying to get a match
>> for email addresses that start with a pipe character ( about 15% of
>> my spam is this ).
>
> That's not needed. Why are you accepting mail to NON-EXISTING
> recipients at all?

He may be referring to the From: header, not the envelope header.

Richard, could you post the headers from one such to pastebin so we can
see exactly what you're talking about?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Tomorrow: Veterans Day

richard at buzzhost

Nov 10, 2009, 6:26 AM

Post #5 of 28 (1301 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 2009-11-10 at 14:32 +0100, Ralf Hildebrandt wrote:
> * rahlquist [at] gmail <rahlquist [at] gmail>:
> > Ok regex is not my strong suit by any means. Trying to get a match for email
> > addresses that start with a pipe character ( about 15% of my spam is this ).
>
> That's not needed. Why are you accepting mail to NON-EXISTING
> recipients at all?
>
Ralf, may I ask, do you predictably trot this offensive answer out all
the time for fun, or just because you are bored?

FYI, the last time I looked it was not a criminal offence to use a catch
all, unless the law is different in Germany?

I make heavy use of catchalls for spam tracking using 'balloon race' and
watermarking. I may, however, wish to skew and filter some combinations
despite running catch all.

Please keep this in your mind in future before trotting out that tired
old gas.

me at junc

Nov 10, 2009, 7:50 AM

Post #6 of 28 (1301 views)
Permalink

Re: Regex Question [In reply to]

On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
> Please keep this in your mind in future before trotting out that tired
> old gas.

imho Ralf have never being banned in maillist here, if you dont like
his answers just unsubscribe

--
xpoint

richard at buzzhost

Nov 10, 2009, 8:27 AM

Post #7 of 28 (1300 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 2009-11-10 at 16:50 +0100, Benny Pedersen wrote:
> On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
> > Please keep this in your mind in future before trotting out that tired
> > old gas.
>
> imho Ralf have never being banned in maillist here, if you dont like
> his answers just unsubscribe
>
Trotting out useless, pointless, tardy, curt, terse replies benefit
nobody at all and makes the poster look arrogant especially when the
answer is mere opinion.

The OP asked a perfectly civil question that did not warrant such a
tired, rude old skool style micro flaming. It does not make someone look
superior or 'clever' to offer such a response, it simply makes them look
like a backside lacking in social skills. Your support for the response
is duly noted, but there is no love lost between us in any case.

mysqlstudent at gmail

Nov 10, 2009, 8:45 AM

Post #8 of 28 (1299 views)
Permalink

Re: Regex Question [In reply to]

>> imho Ralf have never being banned in maillist here, if you dont like
>> his answers just unsubscribe
>>
> Trotting out useless, pointless, tardy, curt, terse replies benefit
> nobody at all and makes the poster look arrogant especially when the
> answer is mere opinion.

I sometimes welcome the terse replies; it illicit's clarification from
the OP. I hardly think Ralf is interested in wasting his time playing
games on this mailing list. Even if it were true, I think Ralf has
also earned the ability to be a bit arrogant.

Regards,
Alex

jhardin at impsec

Nov 10, 2009, 8:49 AM

Post #9 of 28 (1301 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 10 Nov 2009, rahlquist [at] gmail wrote:

> On Tue, Nov 10, 2009 at 9:09 AM, John Hardin <jhardin [at] impsec> wrote:
>
>> * rahlquist [at] gmail <rahlquist [at] gmail>:
>>>
>>>> Ok regex is not my strong suit by any means. Trying to get a match
>>>> for email addresses that start with a pipe character ( about 15% of my
>>>> spam is this ).
>>
>> Richard, could you post the headers from one such to pastebin so we can see
>> exactly what you're talking about?
>
> Here you are John;
> http://pastebin.com/m733a7113
>
> And no, I do indeed mean sent to.

Okay.

Comment: it would be better to catch and reject these at the MTA level, if
at all possible. I'm sure one of the Postfix admins could suggest how to
do so.

How about this?

header ENV_TO_BAR Received =~ / for <\|/

You don't need to match the entire address syntax.

You might want to tighten it up a tiny bit (assuming the headers weren't
sanitized):

header ENV_TO_BAR Received =~ / by dark\.pcsites\.com .* for <\|/

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I have never learned to fight for my freedom. I was only good at
enjoying it. -- Dutchman Oscar van den Boogaard,
showing why Europe is doomed
-----------------------------------------------------------------------
Tomorrow: Veterans Day

jhardin at impsec

Nov 10, 2009, 8:54 AM

Post #10 of 28 (1299 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 10 Nov 2009, Alex wrote:

>>> imho Ralf have never being banned in maillist here, if you dont like
>>> his answers just unsubscribe
>>>
>> Trotting out useless, pointless, tardy, curt, terse replies benefit
>> nobody at all and makes the poster look arrogant especially when the
>> answer is mere opinion.
>
> I sometimes welcome the terse replies; it illicit's clarification from
> the OP.

ITYM "elicits".

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Our government should bear in mind the fact that the American
Revolution was touched off by the then-current government
attempting to confiscate firearms from the people.
-----------------------------------------------------------------------
Tomorrow: Veterans Day

kremels at kreme

Nov 10, 2009, 8:55 AM

Post #11 of 28 (1299 views)
Permalink

Re: Regex Question [In reply to]

On 10-Nov-2009, at 09:27, richard [at] buzzhost wrote:
> On Tue, 2009-11-10 at 16:50 +0100, Benny Pedersen wrote:
>> On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
>>> Please keep this in your mind in future before trotting out that tired
>>> old gas.
>>
>> imho Ralf have never being banned in maillist here, if you dont like
>> his answers just unsubscribe
>>
> Trotting out useless, pointless, tardy, curt, terse replies benefit
> nobody at all and makes the poster look arrogant especially when the
> answer is mere opinion.

I think you need to grow a thicker skin.

> but there is no love lost between us in any case.

Ah, there's the reason you wigged out.

--
<jshock221> a freudian slip is when you say one thing but you're
really thinking about a mother.
<Spadgeroonie> no, a freudian slip is sexy underwear your mother wears

mysqlstudent at gmail

Nov 10, 2009, 9:02 AM

Post #12 of 28 (1299 views)
Permalink

Re: Regex Question [In reply to]

>> I sometimes welcome the terse replies; it illicit's clarification from the
>> OP.
>
> ITYM "elicits".

Heh, yes, thanks. I don't think they're involved in some illicit sex scandal :-)

In either case, the apostrophe was wrong, too. Working on getting a
new toolchain compiled and working straight since 4pm yesterday :-)

Thanks,
Alex

rahlquist at gmail

Nov 10, 2009, 9:06 AM

Post #13 of 28 (1300 views)
Permalink

Re: Regex Question [In reply to]

On Tue, Nov 10, 2009 at 11:49 AM, John Hardin <jhardin [at] impsec> wrote:

> On Tue, 10 Nov 2009, rahlquist [at] gmail wrote:
>
> On Tue, Nov 10, 2009 at 9:09 AM, John Hardin <jhardin [at] impsec> wrote:
>>
>> * rahlquist [at] gmail <rahlquist [at] gmail>:
>>>
>>>>
>>>> Ok regex is not my strong suit by any means. Trying to get a match
>>>>> for email addresses that start with a pipe character ( about 15% of my
>>>>> spam is this ).
>>>>>
>>>>
>>> Richard, could you post the headers from one such to pastebin so we can
>>> see
>>> exactly what you're talking about?
>>>
>>
>> Here you are John;
>> http://pastebin.com/m733a7113
>>
>> And no, I do indeed mean sent to.
>>
>
> Okay.
>
> Comment: it would be better to catch and reject these at the MTA level, if
> at all possible. I'm sure one of the Postfix admins could suggest how to do
> so.
>
> How about this?
>
> header ENV_TO_BAR Received =~ / for <\|/
>
> You don't need to match the entire address syntax.
>
> You might want to tighten it up a tiny bit (assuming the headers weren't
> sanitized):
>
> header ENV_TO_BAR Received =~ / by dark\.pcsites\.com .* for <\|/
>
>
> --
>
I could reject at the MTA but I want it to help me to filter and train
bayes, many of these are going to multiple users.

I'll give these a whack and see if anything squeaks! Thanks!

uhlar at fantomas

Nov 10, 2009, 9:12 AM

Post #14 of 28 (1300 views)
Permalink

Re: Regex Question [In reply to]

> On Tue, 2009-11-10 at 14:32 +0100, Ralf Hildebrandt wrote:
> > * rahlquist [at] gmail <rahlquist [at] gmail>:
> > > Ok regex is not my strong suit by any means. Trying to get a match for email
> > > addresses that start with a pipe character ( about 15% of my spam is this ).
> >
> > That's not needed. Why are you accepting mail to NON-EXISTING
> > recipients at all?

On 10.11.09 14:26, richard [at] buzzhost wrote:
> Ralf, may I ask, do you predictably trot this offensive answer out all
> the time for fun, or just because you are bored?

Ralf's question was in no way offensive. He is just trying to solve the
problem by way that is most efficient for most of e-mail users and admins.

> FYI, the last time I looked it was not a criminal offence to use a catch
> all, unless the law is different in Germany?

And it is not criminal offence to ask why is someone using using catch-all.
Maybe the OP DOES want to use catch-all for this reason. Maybe the OP does
NOT need catch-all. We can find this out by asking the poster WHY.

> I make heavy use of catchalls for spam tracking using 'balloon race' and
> watermarking. I may, however, wish to skew and filter some combinations
> despite running catch all.

you are, others are not.

> Please keep this in your mind in future before trotting out that tired
> old gas.

Please keep that above in your mind before you start accusing people of
being trolls and thus behaving exactly as troll.
--
Matus UHLAR - fantomas, uhlar [at] fantomas ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.

richard at buzzhost

Nov 10, 2009, 9:14 AM

Post #15 of 28 (1300 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 2009-11-10 at 11:45 -0500, Alex wrote:
> >> imho Ralf have never being banned in maillist here, if you dont like
> >> his answers just unsubscribe
> >>
> > Trotting out useless, pointless, tardy, curt, terse replies benefit
> > nobody at all and makes the poster look arrogant especially when the
> > answer is mere opinion.
>
> I sometimes welcome the terse replies; it illicit's clarification from
> the OP. I hardly think Ralf is interested in wasting his time playing
> games on this mailing list. Even if it were true, I think Ralf has
> also earned the ability to be a bit arrogant.
>
> Regards,
> Alex

I don't think that being plain bloody rude is playing games, and it's
surprisingly common output - not just from Ralf, but from that Postfix
set who seem to place some extreme value on their self importance.

Alex, you hold Ralf in high regard and that is noble. There are many
people I hold in high regard, but I base it on a process of merit,
pivotal to which is how they treat 'little' people asking perfectly
polite questions. In my eyes it is perfectly acceptable to challenging
people who seem to have lost their place in reality, when they treat
people in such a negative way.

The terse answer given was nothing more than opinion. There are clearly
occasions when accepting mail for <anyone>@domain is a perfectly
legitimate thing to do, provided, of course you don't bounce it after
accepting it.

Rather than let this drift into a hijacked free-for-all perhaps one of
the guru's of REGEX here would actually like to answer the OP's
question. This is a human being asking for help. I don't know the answer
myself or I would. I'm guessing that escaping the pipe \| does not work?

jhardin at impsec

Nov 10, 2009, 9:24 AM

Post #16 of 28 (1301 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 10 Nov 2009, richard [at] buzzhost wrote:

> Rather than let this drift into a hijacked free-for-all perhaps one of
> the guru's of REGEX here would actually like to answer the OP's
> question.

If you hadn't gotten distracted by your multiple nemeses you would have
noticed I've done so. :)

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
North Korea: the only country in the world where people would risk
execution to flee to communist China. -- Ride Fast
-----------------------------------------------------------------------
Tomorrow: Veterans Day

jdow at earthlink

Nov 10, 2009, 11:46 AM

Post #17 of 28 (1297 views)
Permalink

Re: Regex Question [In reply to]

From: <richard [at] buzzhost>
Sent: Tuesday, 2009/November/10 08:27

> On Tue, 2009-11-10 at 16:50 +0100, Benny Pedersen wrote:
>> On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
>> > Please keep this in your mind in future before trotting out that tired
>> > old gas.
>>
>> imho Ralf have never being banned in maillist here, if you dont like
>> his answers just unsubscribe
>>
> Trotting out useless, pointless, tardy, curt, terse replies benefit
> nobody at all and makes the poster look arrogant especially when the
> answer is mere opinion.
>
> The OP asked a perfectly civil question that did not warrant such a
> tired, rude old skool style micro flaming. It does not make someone look
> superior or 'clever' to offer such a response, it simply makes them look
> like a backside lacking in social skills. Your support for the response
> is duly noted, but there is no love lost between us in any case.

1) Justifying your curt thoughtless reply is adding noise to the list.
(That's just a thought to bear in mind here.)
2) The way the question was asked I almost made exactly the same reply.
With the number of replies present, I stayed silent. Fuggheadedness
(note gg not ck, different things) draws me out sometimes, though.
3) Once the question was asked properly an answer useful for you was
forthcoming. Should that be a wake-up call for you to ask your
questions with a little more detail about why and what you are trying
to do.

{^_^}

jdow at earthlink

Nov 10, 2009, 11:51 AM

Post #18 of 28 (1296 views)
Permalink

Re: Regex Question [In reply to]

From: <richard [at] buzzhost>
Sent: Tuesday, 2009/November/10 09:14

> On Tue, 2009-11-10 at 11:45 -0500, Alex wrote:
>> >> imho Ralf have never being banned in maillist here, if you dont like
>> >> his answers just unsubscribe
>> >>
>> > Trotting out useless, pointless, tardy, curt, terse replies benefit
>> > nobody at all and makes the poster look arrogant especially when the
>> > answer is mere opinion.
>>
>> I sometimes welcome the terse replies; it illicit's clarification from
>> the OP. I hardly think Ralf is interested in wasting his time playing
>> games on this mailing list. Even if it were true, I think Ralf has
>> also earned the ability to be a bit arrogant.
>>
>> Regards,
>> Alex
>
...
> Rather than let this drift into a hijacked free-for-all perhaps one of
> the guru's of REGEX here would actually like to answer the OP's
> question. This is a human being asking for help. I don't know the answer
> myself or I would. I'm guessing that escaping the pipe \| does not work?

Condescendingly pats the youngster on the head, "It's too late, boy. Stop
yourself before it is too late."

{^_^} (I get to do that at my age to most of the people on the net. {^_-})

Ralf.Hildebrandt at charite

Nov 10, 2009, 12:37 PM

Post #19 of 28 (1295 views)
Permalink

Re: Regex Question [In reply to]

* richard [at] buzzhost <richard [at] buzzhost>:
> On Tue, 2009-11-10 at 14:32 +0100, Ralf Hildebrandt wrote:
> > * rahlquist [at] gmail <rahlquist [at] gmail>:
> > > Ok regex is not my strong suit by any means. Trying to get a match for email
> > > addresses that start with a pipe character ( about 15% of my spam is this ).
> >
> > That's not needed. Why are you accepting mail to NON-EXISTING
> > recipients at all?
> >
> Ralf, may I ask, do you predictably trot this offensive answer out all
> the time for fun, or just because you are bored?

If you make your system accept mail for non existing addresses, then you
can do all kinds of useful research, but then you also usually know how to
handle stuff you REALLY don't want to receive. In the OP's case (like he
said in a PM), it's probably better to block RCPT TO:<|.*> on the MTA
level.

He's generating throwaway addresses to find out who's selling these
contact addresses.

> FYI, the last time I looked it was not a criminal offence to use a catch
> all, unless the law is different in Germany?

I fail to see how that matters, since he's not in Germany. And it's not.

> I make heavy use of catchalls for spam tracking using 'balloon race' and
> watermarking. I may, however, wish to skew and filter some combinations
> despite running catch all.

Makes perfect sense.

> Please keep this in your mind in future before trotting out that tired
> old gas.

For everybody but the old scientific anti-spam geek in his/her sekrit lab
it's really safer to just block mail to non-existing recipients. We're
still getting enough spam that way.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt [at] charite | http://www.charite.de

Ralf.Hildebrandt at charite

Nov 10, 2009, 12:38 PM

Post #20 of 28 (1292 views)
Permalink

Re: Regex Question [In reply to]

* Benny Pedersen <me [at] junc>:
> On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
> >Please keep this in your mind in future before trotting out that tired
> >old gas.
>
> imho Ralf have never being banned in maillist here, if you dont like
> his answers just unsubscribe

Good point, but richard has been banned multiple times on the postfix
list for asocial behaviour...

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt [at] charite | http://www.charite.de

Ralf.Hildebrandt at charite

Nov 10, 2009, 12:43 PM

Post #21 of 28 (1293 views)
Permalink

Re: Regex Question [In reply to]

* Matus UHLAR - fantomas <uhlar [at] fantomas>:

> Ralf's question was in no way offensive. He is just trying to solve the
> problem by way that is most efficient for most of e-mail users and admins.

What the OP intends to do ("Who's selling away my addresses?") can be
done in the MTA entirely. A colleague at tu-bs.de did that over 15
years ago by simply "increasing" a numerical portin in his email
addresses.

Problem being: Making an address "valid" -- If I define:

bahn.de [at] example

as a contact address when contacting "bahn.de", then I have to have
some sort of database WHICH addresses have been "used", and which have
been "abused" (targeted by anybody BUT bahn.de senders).

To avoid this DB he simply made all addresses valid and forwarded them
to his real address (or something like that with a filter in between).

Isn't there an automatic tool for this?

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt [at] charite | http://www.charite.de

jhardin at impsec

Nov 10, 2009, 12:57 PM

Post #22 of 28 (1293 views)
Permalink

Re: Regex Question [In reply to]

On Tue, 10 Nov 2009, Ralf Hildebrandt wrote:

>> On Tue, 2009-11-10 at 14:32 +0100, Ralf Hildebrandt wrote:
>>> * rahlquist [at] gmail <rahlquist [at] gmail>:
>>>> Ok regex is not my strong suit by any means. Trying to get a match
>>>> for email addresses that start with a pipe character ( about 15% of
>>>> my spam is this ).
>>>
>>> That's not needed. Why are you accepting mail to NON-EXISTING
>>> recipients at all?

{snip}

> He's generating throwaway addresses to find out who's selling these
> contact addresses.

In that case, depending on the MTA logging, perhaps he could still disable
catchall and then troll the logs to see which invalid addresses were
attempted.

...or does _no_ modern MTA log the recipient addresses it rejects? I
haven't actually looked... :)

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Perfect Security and Absolute Safety are unattainable; beware
those who would try to sell them to you, regardless of the cost,
for they are trying to sell you your own slavery.
-----------------------------------------------------------------------
Tomorrow: Veterans Day

Ralf.Hildebrandt at charite

Nov 10, 2009, 1:05 PM

Post #23 of 28 (1294 views)
Permalink

Re: Regex Question [In reply to]

* John Hardin <jhardin [at] impsec>:

> In that case, depending on the MTA logging, perhaps he could still
> disable catchall and then troll the logs to see which invalid
> addresses were attempted.

Or block tke mail to any recipient starting with "|"
In postfix that could be done with

check_recipient_access regexp:/etc/postfix/blocked_recipients

with /etc/postfix/blocked_recipients:

/^\|/ REJECT

I would weed that absolutely unwanted stuff out at the MTA level to
keep resource usage low (bandwidth, mostly)

> ...or does _no_ modern MTA log the recipient addresses it rejects? I
> haven't actually looked... :)

I'v seen sendmail & postfix log the non-existing addresses.

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt [at] charite | http://www.charite.de

lists07 at abbacomm

Nov 10, 2009, 1:09 PM

Post #24 of 28 (1292 views)
Permalink

RE: Regex Question [In reply to]

some centos people are having a pub party and the "kings and queens" in
london

it might be over already based upon time difference from usa

maybe all of you could go there and drink beer and duke it out or something
constructive

;->

- rh

bill at inetmsg

Nov 10, 2009, 2:49 PM

Post #25 of 28 (1287 views)
Permalink

Re: Regex Question [In reply to]

Ralf Hildebrandt wrote:
> * Benny Pedersen <me [at] junc>:
>> On tir 10 nov 2009 15:26:43 CET, "richard [at] buzzhost" wrote
>>> Please keep this in your mind in future before trotting out that tired
>>> old gas.
>> imho Ralf have never being banned in maillist here, if you dont like
>> his answers just unsubscribe
>
> Good point, but richard has been banned multiple times on the postfix
> list for asocial behaviour...

Be careful, Ralf, else you risk inciting richard to reappear on the SA
list as another fictitious user and start his flaming rants and raves
again, as he has done in the past...

Bill

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads