procmail

Re: Using Procmail for RBL Blacklists

2003-04-07 12:22:16
On  7 Apr, Dallman Ross wrote:
| On Mon, Apr 07, 2003 at 12:47:43PM -0400, Don Hammond wrote:
| [...]
| > 2. I have some Received: headers that enclose the ip number with
| > parentheses instead of brackets (qmail, maybe?). I also have a shell
| > script that looks at Received: headers, used before plonking netblocks
| > in sendmail's access.db. It allows for spaces enclosing the ip. It
| > was a while ago, but I did extensive testing because of the critical
| > nature of the script; and though I can't find one in my inbox, I'm
| > sure I saw some ip numbers delimited that way.  (That's not to say
| > it's rfc compliant. I don't know either way, but enforcing that isn't
| > my purpose.)
| >
| > Given all that, I'd rewrite the regular expression to allow the ip to
| > be enclosed with space, paren, or bracket.
| 
| I don't know that I'd do so.  The ones that use a paren or no bracket
| at all are, in my observation, almost always intrasite, e.g., from
| a local host to a local mail server with, as you speculated, qmail
| or whatever.  The RFCs call for brackets, is my understanding, for
| any across-IP broadcasting.
| [...]

I vaguely recalled something like that too, which was the reason for
the parenthetical nod to rfc compliance.  I'd never noticed before, but
you're right that most of those without brackets are intrasite.  So,
let's ignore this suggestion and tie this all up to (hopefully) help
stop the original poster's head from spinning. ;-)

OCTET='(0|[1-9][0-9]?|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))'

:0
* 1073741824^1 ^Received:\/.*by (astro\.snellfamily\.com|\
                jinx\.unknown\.nu)
* ! MATCH ?? from astro\.snellfamily\.com.*by jinx\.unknown\.nu
{
  CHECK="$MATCH"
  :0
  * $ CHECK ?? ()\[\/$OCTET\.$OCTET\.$OCTET\.$OCTET
  { CHECKIP=$MATCH }
}

1. This increases the weight on the scored condition for efficiency, so
procmail only looks at 2 Received: headers.

2. It eliminates the (by|from) alternation in that condition which was
unnecessary.

3. It moves the match operator (\/) to the right of Received:. This is
probably a negligible improvement. (N.B. You DO want the ".*" to the
right of the match operator in this condition to get the greedy match
including the ip number.)

4. Eliminated the Received:.* in the nested condition.  This one slows
procmail needlessly.

5. Returns to looking only for a left bracket enclosing the ip number.

6. Tightened up the ip number regular expression.

Kim should be able to put that in an rcfile for testing as described
previously. And I think it works. ;-)

-- 
Email address in From: header is valid  * but only for a couple of days *
This is my reluctant response to spammers' unrelenting address harvesting
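
As an added illustration (my own code, not part of the post and not procmail itself), the Python below mirrors the recipe's logic: the tightened OCTET pattern, the bracket-only rule from point 5, and the two-header lookback that ignores the intrasite relay-to-MX hop. The host names, the sample headers, and the assumption that MATCH ends up holding the last of the two matched Received: headers are mine.

```python
import re

# Octet pattern from the recipe (0-255, no leading zeros), written for Python's re.
OCTET = r'(?:0|[1-9][0-9]?|1[0-9][0-9]|2(?:[0-4][0-9]|5[0-5]))'
# Point 5: only a left bracket may introduce the address.
BRACKET_IP = re.compile(r'\[(' + r'\.'.join([OCTET] * 4) + r')')

# Hypothetical stand-ins for the post's astro (internal relay) and jinx (border MX).
RELAY = 'astro.example.net'
MX = 'jinx.example.net'
BY_US = re.compile(r'by (%s|%s)' % (re.escape(RELAY), re.escape(MX)))
INTERNAL_HOP = re.compile(r'from %s.*by %s' % (re.escape(RELAY), re.escape(MX)))


def received_headers(message):
    """Unfold the header block and return the Received: values, topmost first."""
    unfolded = []
    for line in message.split('\n\n', 1)[0].splitlines():
        if line[:1] in ' \t' and unfolded:
            unfolded[-1] += ' ' + line.strip()
        else:
            unfolded.append(line)
    return [h[len('Received:'):] for h in unfolded if h.startswith('Received:')]


def check_ip(message):
    """Return the connecting IP the recipe would leave in CHECKIP, or None.

    Assumption: like the weighted condition, look at only the first two
    Received: headers stamped 'by' one of our hosts and keep the last (MATCH).
    """
    ours = [h for h in received_headers(message) if BY_US.search(h)][:2]
    if not ours or INTERNAL_HOP.search(ours[-1]):
        return None  # nothing from outside, or purely intrasite mail
    m = BRACKET_IP.search(ours[-1])
    return m.group(1) if m else None


# Constructed sample: one external hop into the relay, then relayed to the MX.
SAMPLE = (
    'Received: from astro.example.net (astro.example.net [192.0.2.10])\n'
    '\tby jinx.example.net with ESMTP; Mon, 7 Apr 2003 12:00:00 -0400\n'
    'Received: from mail.example.org (mail.example.org [198.51.100.7])\n'
    '\tby astro.example.net with SMTP; Mon, 7 Apr 2003 11:59:58 -0400\n'
    'From: someone@example.org\n'
    '\n'
    'body\n'
)

if __name__ == '__main__':
    print(check_ip(SAMPLE))  # 198.51.100.7
```

Feeding it a message whose only Received: line is the internal relay-to-MX hop returns None, and malformed octets such as 999 or 256, or an address in parentheses, are not picked up at all.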
