procmail

Re: IP number checking (was Re: Spam: Are You In Need Of A Lifestyle Change)

1997-09-29 03:29:32
On Mon, 29 Sep 1997 12:38:18 +0300 (EET DST), I wrote:
On Mon, 29 Sep 1997 09:23:36 +0300 (EET DST), I wrote:
Jeff Thieleke <thieleke(_at_)ix(_dot_)netcom(_dot_)com> wrote:

(Sorry for the earlier misattribution. This is out of a message from
Felix Tilley originally):

Received: From mailhost.UTP.net(alt1.utp..net(333.2.44.55)) by utp.net;
^^    ^^^        ^^
Oops! IP (IPv4) numbers are 8-bit values (0-255)...333 is no good.
There is a recipe for this type of fakery, but I don't have ready
access to it at the moment. Can someone repost it?
I only have badly working ones on file. The primary problem with these
Blah blah. Try this: 
  * ^Received: from [^[( ]+ ?[[(]?(([a-z][-a-z0-9._]*)* ?)? ?[[(]\
     ((0|1?[1-9][0-9]?|2[0-4][0-9]|25[0-5])\.)*\
     (25[6-9]|[3-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|0[])])

Blah blah indeed. That one contained a few bugs. This is what I have
now:

    * ^Received: from [^[( ]+ ?[[(]?(([a-z][-a-z0-9._@!]*)* ?)?[[(]\
        ((0|[1-9][0-9]?|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.)*\
        (0[0-9]+|25[6-9]|[3-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|0[])])

Important changes: My earlier recipe would inadvertently not react to
anything with the octets 100-109 in it (oops!), the reverse-lookup
name might contain a user name with an @ and many of the fake
Received: lines I saw would contain a shout mark. (The variant where I
grabbed the whole IP number into $MATCH should also add a plus after
[1-9][0-9][0-9][0-9] to catch any larger numbers.) And I now also
check for numbers with leading zeros (thanks, Jeff).

/* era */

Looks like yet another cursed thread. Hang on for more followups to my
own messages where I tell you what else I did wrong. Grr.

-- 
 Paparazzi of the Net: No matter what you do to protect your privacy,
  they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>
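
As an added example (not part of the original message), the earlier and the revised condition can be run side by side over a few Received: lines to see the fixes described above take effect. It assumes `grep -Ei` approximates procmail's case-insensitive egrep-style matching; every header line except the one quoted in the thread is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: both recipe conditions, joined at their
# backslash continuations. Assumption: grep -Ei stands in for procmail's
# case-insensitive matching of a condition line.
OLD='^Received: from [^[( ]+ ?[[(]?(([a-z][-a-z0-9._]*)* ?)? ?[[(]((0|1?[1-9][0-9]?|2[0-4][0-9]|25[0-5])\.)*(25[6-9]|[3-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|0[])])'
NEW='^Received: from [^[( ]+ ?[[(]?(([a-z][-a-z0-9._@!]*)* ?)?[[(]((0|[1-9][0-9]?|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.)*(0[0-9]+|25[6-9]|[3-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|0[])])'

# Header quoted in the thread (first octet 333).
H_QUOTED='Received: From mailhost.UTP.net(alt1.utp..net(333.2.44.55)) by utp.net;'
# Constructed headers: a well-formed one, then one per fix the message lists.
H_VALID='Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net'
H_OCT100='Received: from relay.example.org ([10.100.333.1]) by mx.example.net'
H_LEAD0='Received: from relay.example.org ([192.0.2.010]) by mx.example.net'
H_USER='Received: from relay.example.org (user@dialup.example.org [192.0.2.999]) by mx.example.net'

# flagged REGEX HEADER: print "yes" if the condition matches the header line.
flagged() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then echo yes; else echo no; fi
}

# Print a small comparison table: case name, old verdict, new verdict.
printf '%-8s %-4s %-4s\n' case old new
for name in QUOTED VALID OCT100 LEAD0 USER; do
    eval "h=\$H_$name"
    printf '%-8s %-4s %-4s\n' "$name" \
        "$(flagged "$OLD" "$h")" "$(flagged "$NEW" "$h")"
done
```

The OCT100, LEAD0 and USER rows are the ones where the two conditions disagree: an octet in the 100-109 range ahead of the bad one, a leading zero, and an @ in the reverse-lookup name.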