|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: "Potted" regexquestion
From: Wietse Venema (wietse
porcupine.org)
Date: Sat Apr 17 2004 - 21:42:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Noel Jones:
> > The spam comes (jwhois) from Madritel ES 213.37.150.0 - 213.37.251.255.
> > So I make a fine pcre regexp for Madritel:
> >
> > /(?:^Received:\s{1,2}from\s+.+213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3})/
> >
> > It works beautifully, but costs some time to make it and test it. Just
> > for one spammer network, which could just as well be a zombie network.
> > There must be hundreds or thousands of them.
This really needs an XCLIENT enabled proxy between fetchmail client
and Postfix; the proxy would impersonate as the client listed in
the ISP's Received header, and you could use all the built-in
Postfix ACLs.
Anyone hack up a few lines of Perl for Bennett Todd's proxy?
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]