|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: "Potted" regexquestion
From: Tony Earnshaw (tonye
billy.demon.nl)
Date: Sun Apr 18 2004 - 12:01:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
søn, 18.04.2004 kl. 04.42 skrev Wietse Venema:
> > > The spam comes (jwhois) from Madritel ES 213.37.150.0 - 213.37.251.255.
> > > So I make a fine pcre regexp for Madritel:
> > >
> > > /(?:^Received:\s{1,2}from\s+.+213\.37\.(?:(?:(?:1(?:[5-9][0-9])|(?:2(?:0|1|2|3|4)[0-9])|(?:25[0-1]))))\.\d{1,3})/
> > >
> > > It works beautifully, but costs some time to make it and test it. Just
> > > for one spammer network, which could just as well be a zombie network.
> > > There must be hundreds or thousands of them.
>
> This really needs an XCLIENT enabled proxy between fetchmail client
> and Postfix; the proxy would impersonate as the client listed in
> the ISP's Received header, and you could use all the built-in
> Postfix ACLs.
>
> Anyone hack up a few lines of Perl for Bennett Todd's proxy?
Hmmm ... this isn't fetchmail. I don't suppose it's so common - my ISP
is Demon Internet and his mailkick daemon connects directly to my port
25 when I join the Internet and sends mail. Same as a fallback MX and
ETRN.
The XCLIENT in my case would need to impersonate as MAIL FROM: in the
envelope sender. But as I say, this would be specific to Demon
Internet's mailkick daemon (large ISP in the UK and
Netherlands/Belgium), but its implementation is not that common.
Thanks anyway - *fine* MTA :)
--Tonni
--
Kattekots op de vloer
na de moeë thuiskomst,
weinig walg verwekt.
Getrouw als kind
de kat heet welkom,
wellicht nog knabbels krijgt.
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]