WC -Sx- Jones <[EMAIL PROTECTED]> wrote:
: : PCRE 4.5 revisited :(
What's PCRE 4.5?
pcre.org - PCRE 4.5 is the latest Perl Code Regular Expression extension which can be "compiled" into other systems -- to allow such systems to use Perl-like R/Es -- but it isn't 100% Perl R/E compatible. About 85%.
I use it inside my Postfix MTA (SMTP) server to do things like this in a e-mail message body check:
/\<(?!\!doctype)(?!\!\-\-\s)(?!.+@)(?:[!gjyz].*|[dkv]\w{3,}|\/aol)\>/ HOLD Invalid HTML Coding
Or this, during a HELO/EHLO handshake:
/^(?:(?![a-z]).)*$/ REJECT All Digits Seen Sender MTA not properly configured /local(?=host|domain)/ REJECT Use proper HELO EHLO Sender MTA not properly configured /insecurity\.org/ REJECT Use proper HELO EHLO Do not masquerade as my domain name /mediaone\.net/ REJECT Use proper HELO EHLO Do not masquerade as non-existent domain
Or this inside a header check:
/\=.*ks_c_/
REJECT Invalid charset ks_c_ Korean Not US ASCII - I cannot read Korean
/\=.*koi8/
REJECT Invalid charset koi8-r Russian Not US ASCII - I cannot read Russian
/\=.*WINDOWS\-1251/
REJECT Invalid charset WINDOWS-1251 Russian Not US ASCII - I cannot read Russian
As far as the original post went I would normally try to use a CIDR test (another Postfix extension) like this:
211.32.116.0/22 REJECT CIDR Block 211.32.116.0/22 Banned - Korean Spam Source
However, since the session was "mail kicked" by another ISP prior to me seeing it, a CIDR test would not work, I could ONLY test the headers.
-- _Sx_ http://youve-reached-the.endoftheinternet.org/ _____ http://jaxpm.insecurity.org/ http://cis4dl.insecurity.org/
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
