On Thu, Jun 25, 2009 at 10:14:29PM +1000, Barney Desmond wrote: > 2009/6/25 Louis-David Mitterrand <vindex+lists-postfix-us...@apartia.org>: > > /^((Received|X-Originating-IP):.+\b(124\.120\.1\.(<IP RANGE IN > > REGEX>)\b/ > > > > in pcre:/etc/postfix/header_access. But converting IP ranges to regex'es > > is time consuming and error prone. > > > > Is there a way to use a cidr table for header matching while retaining > > control of the prefix ^(Received|X-Originating-IP) ? > > I suspect you're out of luck. To be sufficiently general to be useful, > I understand Postfix takes the entire header and uses it as a lookup > key to the defined table (you're not limited to pcre/regexp, but not > much else will be useful). Bare IP addresses of course wouldn't appear > as headers, so you can't use a CIDR table. > > > Or another better way? > > Someone else may have a better, or they might say you should be using > a DNSBL for this sort of purpose. I personally suspect this IP-based > method won't stay up-to-date enough for practical purposes, which is > why it's probably easier to let someone else do the work and use their > blacklist.
If you have a cidr list, it's sufficiently easy to use some perl magic and make regex out of it. You can make pretty large lists into smallish regex since there's only so many characters in IPs. I already made a bare script our of curiosity, need to finish it..
