Victor Duchovni wrote:
> On Sat, Jun 27, 2009 at 12:00:09AM +0200, mouss wrote:
> 
>> Louis-David Mitterrand wrote:
>>> Hi,
>>>
>>> A lot of spam comes from certain ip ranges (e.g. west africa) through
>>> relays (large ISPs) that would be too onerous to block. To filter these
>>> I am presently matching: 
>>>
>>>     /^((Received|X-Originating-IP):.+\b(124\.120\.1\.(<IP RANGE IN REGEX>)\b/
>>> in pcre:/etc/postfix/header_access. But converting IP ranges to regex'es
>>> is time consuming and error prone.
>> except for simple cases, it is impossible.
> 
> Impossible is too strong. Just painful if done by hand.
> 

true. I meant there is no "simple" correspondence between CIDR and
regular expressions. that is, one can't do
        /....124\.120\.1\64\/28 .../

now, one nice feature would be the ability to pass some parts to a check:

<INVALID> (those reading this should be aware that the following is
fiction. it doesn't exist. so don't ask how you could make it work on
your system).

/^Received: ..... \[([\d\.]+)\] .../             check_ip $1

check_ip =
        reject_unknown_client{$arg}
        reject_rbl_client zen.spamhaus.org{$arg}
        ...
</INVALID>

but then again, we come back to "what would be a generic control grammar?"
which is not a simple problem.

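The CIDR-to-regex conversion discussed in this thread can be generated rather than written by hand. The following is an added example, not code from the thread or from Postfix; the function names and the sample headers are constructed for illustration, and it handles IPv4 only.

```python
import ipaddress
import re

def octet_range_regex(lo, hi):
    """Regex matching exactly the decimal integers lo..hi (0 <= lo <= hi)."""
    stops = {hi}
    k = 1
    # Cut points from below: fill lo's low digits with 9s (64 -> 69 -> 99).
    while lo <= (stop := lo - lo % 10**k + 10**k - 1) <= hi:
        stops.add(stop)
        k += 1
    k = 1
    # Cut points from above: zero hi+1's low digits, minus 1 (255 -> 249 -> 199).
    while lo < (stop := (hi + 1) - (hi + 1) % 10**k - 1) <= hi:
        stops.add(stop)
        k += 1
    parts, start = [], lo
    for stop in sorted(stops):
        # start and stop have equal length here, so compare digit by digit.
        parts.append("".join(a if a == b else f"[{a}-{b}]"
                             for a, b in zip(str(start), str(stop))))
        start = stop + 1
    return parts[0] if len(parts) == 1 else "(?:" + "|".join(parts) + ")"

def cidr_to_regex(cidr):
    """PCRE-compatible fragment matching every dotted quad in an IPv4 CIDR."""
    net = ipaddress.IPv4Network(cidr)  # ValueError on host bits or bad input
    # CIDR blocks are aligned, so each octet's range is independent.
    return r"\.".join(octet_range_regex(a, b) for a, b in
                      zip(net.network_address.packed, net.broadcast_address.packed))

def header_regex(cidr):
    """Pattern shaped like the header_access expression quoted in the thread."""
    return r"^(Received|X-Originating-IP):.+\b" + cidr_to_regex(cidr) + r"\b"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Received: from relay.example.net (relay.example.net [124.120.1.70]) by mx.example.org",
    "X-Originating-IP: [124.120.1.64]",
    "Received: from relay.example.net (relay.example.net [124.120.1.80]) by mx.example.org",
    "X-Originating-IP: [124.120.1.6]",
    "Subject: 124.120.1.70",
]

def flagged(cidr, headers=SAMPLES):
    """Return the headers that the generated pattern matches."""
    rx = re.compile(header_regex(cidr))
    return [h for h in headers if rx.search(h)]

if __name__ == "__main__":
    print(header_regex("124.120.1.64/28"))
```

The per-octet shortcut in `cidr_to_regex` is only valid for aligned CIDR blocks; an arbitrary start-to-end address range would need to be split into CIDR blocks first.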