"Potted" regexquestion
From: Tony Earnshaw (tonye billy.demon.nl)
Date: Sat Apr 17 2004 - 05:41:18 CDT
List,
mail_version = 2.0.19-20040312
Because I get my mail on port 25 via my ISP's mailkick server every time
I connect to the Internet (always the same IP number), I can't use CIDR
maps on this particular rig.
I get spam to a particular privileged user for whom most
smtpd_recipient_restrictions are bypassed. He can and does resort to
header_checks, though. Today spam comes in to him for thingy-growth
snake oil and I want to ban the network that sent it, which I do with
header_checks.
The spam comes (jwhois) from Madritel ES 213.37.150.0 - 213.37.251.255.
So I make a fine pcre regexp for Madritel:
/(?:^Received:\s{1,2}from\s+.+213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3})/
It works beautifully, but costs some time to make it and test it. Just
for one spammer network, which could just as well be a zombie network.
There must be hundreds or thousands of them.
Does anyone know of a site where I could pick up the meat of regexps for
such IP ranges for known spammer networks?
Best,
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
--
Cat vomit on the floor
after the weary homecoming,
provokes little disgust.
Faithful as a child
the cat bids welcome,
perhaps gets more nibbles yet.
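
Added example (not part of the original message): rather than hand-writing the alternation for each network, the third-octet range can be generated and tested. This Python code builds a header_checks PCRE line for a run of whole /24s inside one /16, such as the 213.37.150.0 - 213.37.251.255 range in the message; the function names and sample Received: headers are constructed for illustration, and the digit-boundary lookarounds are an added tightening that the posted pattern does not have.

```python
import re

def octet_range_regex(lo, hi):
    """Regex alternation matching the decimal integers lo..hi (0-255, no leading zeros)."""
    if not 0 <= lo <= hi <= 255:
        raise ValueError("octet bounds must satisfy 0 <= lo <= hi <= 255")
    parts = []
    while lo <= hi:
        # Take the largest block lo..lo+10^k-1 that fits and whose members all
        # have the same digit count, so it can be written as prefix + \d * k.
        k = 0
        while (lo % 10 ** (k + 1) == 0 and lo + 10 ** (k + 1) - 1 <= hi
               and (lo > 0 or k == 0)):
            k += 1
        prefix = str(lo // 10 ** k) if (k == 0 or lo > 0) else ""
        parts.append(prefix + r"\d" * k)
        lo += 10 ** k
    return "(?:" + "|".join(parts) + ")"

def header_check_for_range(first, last, action="REJECT"):
    """Return (pattern, header_checks line) for a run of whole /24s inside one /16."""
    a = [int(x) for x in first.split(".")]
    b = [int(x) for x in last.split(".")]
    if len(a) != 4 or len(b) != 4 or a[:2] != b[:2] or a[3] != 0 or b[3] != 255:
        raise ValueError("expected x.y.LO.0 - x.y.HI.255")
    # Lookarounds are an added tightening: 1213.37... or ...251.2555 must not match.
    pattern = (r"^Received:\s+from\s.*(?<!\d)%d\.%d\.%s\.\d{1,3}(?!\d)"
               % (a[0], a[1], octet_range_regex(a[2], b[2])))
    return pattern, "/%s/ %s" % (pattern, action)

# Constructed Received: headers (not from real mail), with the expected verdict.
SAMPLES = [
    ("Received: from unknown (HELO mail) ([213.37.150.0]) by mx.example.net", True),
    ("Received: from host.example ([213.37.251.255]) by mx.example.net", True),
    ("Received: from host.example ([213.37.149.255]) by mx.example.net", False),
    ("Received: from host.example ([213.37.252.1]) by mx.example.net", False),
    ("Received: from host.example ([213.37.25.9]) by mx.example.net", False),
    ("Received: from host.example ([1213.37.200.1]) by mx.example.net", False),
]

def check_samples(first="213.37.150.0", last="213.37.251.255"):
    pattern, _ = header_check_for_range(first, last)
    rx = re.compile(pattern, re.IGNORECASE)  # Postfix pcre tables ignore case by default
    return [bool(rx.search(h)) == want for h, want in SAMPLES]

if __name__ == "__main__":
    print(header_check_for_range("213.37.150.0", "213.37.251.255")[1])
    print(all(check_samples()))
```

The generated line can be pasted into a pcre: header_checks table; any Received: hop that mentions an address in the range triggers the action, exactly as with the hand-written pattern.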