Charles K. Clarkson wrote:
WC -Sx- Jones <[EMAIL PROTECTED]> wrote:
: : PCRE 4.5 revisited :(


What's PCRE 4.5?

pcre.org - PCRE 4.5 is the latest Perl Code Regular Expression extension which can be "compiled" into other systems -- to allow such systems to use Perl-like R/Es -- but it isn't 100% Perl R/E compatible. About 85%.


I use it inside my Postfix MTA (SMTP) server to do things like this in a e-mail message body check:

/\<(?!\!doctype)(?!\!\-\-\s)(?!.+@)(?:[!gjyz].*|[dkv]\w{3,}|\/aol)\>/ HOLD Invalid HTML Coding

Or this, during a HELO/EHLO handshake:

/^(?:(?![a-z]).)*$/
REJECT All Digits Seen Sender MTA not properly configured
/local(?=host|domain)/
REJECT Use proper HELO EHLO Sender MTA not properly configured
/insecurity\.org/
REJECT Use proper HELO EHLO Do not masquerade as my domain name
/mediaone\.net/
REJECT Use proper HELO EHLO Do not masquerade as non-existent domain

Or this inside a header check:

/\=.*ks_c_/
REJECT Invalid charset ks_c_ Korean Not US ASCII - I cannot read Korean
/\=.*koi8/
REJECT Invalid charset koi8-r Russian Not US ASCII - I cannot read Russian
/\=.*WINDOWS\-1251/
REJECT Invalid charset WINDOWS-1251 Russian Not US ASCII - I cannot read Russian



As far as the original post went I would normally try to use a CIDR test (another Postfix extension) like this:


211.32.116.0/22
REJECT CIDR Block 211.32.116.0/22 Banned - Korean Spam Source

However, since the session was "mail kicked" by another ISP prior to me seeing it, a CIDR test would not work, I could ONLY test the headers.

--
_Sx_ http://youve-reached-the.endoftheinternet.org/ _____
     http://jaxpm.insecurity.org/
     http://cis4dl.insecurity.org/

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>




Reply via email to