On Sat, Jun 27, 2009 at 12:27:50AM +0200, mouss wrote:
> Victor Duchovni wrote:
> > On Sat, Jun 27, 2009 at 12:00:09AM +0200, mouss wrote:
> >
> >> Louis-David Mitterrand wrote:
> >>> Hi,
> >>>
> >>> A lot of spam comes from certain ip ranges (e.g. west africa) through
> >>> relays (large ISPs) that would be too onerous to block. To filter these
> >>> I am presently matching:
> >>>
> >>> /^((Received|X-Originating-IP):.+\b(124\.120\.1\.(<IP RANGE IN REGEX>)\b/
> >>> in pcre:/etc/postfix/header_access. But converting IP ranges to regex'es
> >>> is time consuming and error prone.
> >> except for simple cases, it is impossible.
> >
> > Impossible is too strong. Just painful if done by hand.
> >
>
> true. I meant there is no "simple" correspondence between cidr and
> regular expressions. that is, one can't do
> /....124\.120\.1\64\/28 .../

$ ./cidr_to_regex.pl 124.120.1.64/28 10.1.1.1 - 10.1.12.255
-> 1(?:0\.1\.(?:[23456789]|1[012]?)\.\d{1,3}|24\.120\.1\.(?:6[456789]|7\d))

It's pretty simple when you think about it. Just convert the CIDR to say
full C-classes (resulting in a.b.c.\d+{1,3}), only the last one might need
special stuff. Full B-classes to C-classes etc.. unless you have a very big
list, the resulting regex size will not be that huge since many of the
prefixes will be common.
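
The octet-by-octet conversion described in this message, written out as an added Python example; it is not the cidr_to_regex.pl script from the thread and not code from any poster. The function names are hypothetical, input is assumed to be IPv4, and the result is wrapped in lookarounds (rather than the \b of the original pattern) so it cannot match inside a longer number.

```python
import ipaddress

def octet_re(lo, hi):
    """Regex for the decimal integers lo..hi, with 0 <= lo <= hi <= 255."""
    if (lo, hi) == (0, 255):
        return r"\d{1,3}"                  # loose full octet, as in the post
    groups = {}                            # leading digits -> final digits
    for v in range(lo, hi + 1):
        groups.setdefault(str(v)[:-1], []).append(str(v)[-1])
    alts = []
    for prefix, d in groups.items():       # final digits are always contiguous
        cls = d[0] if len(d) == 1 else r"\d" if len(d) == 10 else f"[{d[0]}-{d[-1]}]"
        alts.append(prefix + cls)
    return alts[0] if len(alts) == 1 else "(?:" + "|".join(alts) + ")"

def span_re(lo, hi):
    """Regex for every dotted tail from octet tuple lo to hi, inclusive."""
    if len(lo) == 1:
        return octet_re(lo[0], hi[0])
    zeros, full = (0,) * (len(lo) - 1), (255,) * (len(lo) - 1)
    if lo[0] == hi[0]:                     # common prefix: emit it literally
        return rf"{lo[0]}\.{span_re(lo[1:], hi[1:])}"
    first, last, alts = lo[0], hi[0], []
    if lo[1:] != zeros:                    # partial block at the low end
        alts.append(rf"{first}\.{span_re(lo[1:], full)}")
        first += 1
    if hi[1:] != full:                     # partial block at the high end
        alts.append(rf"{last}\.{span_re(zeros, hi[1:])}")
        last -= 1
    if first <= last:                      # whole blocks in between
        alts.append(rf"{octet_re(first, last)}\.{span_re(zeros, full)}")
    return alts[0] if len(alts) == 1 else "(?:" + "|".join(alts) + ")"

def net_re(spec):
    """Turn 'a.b.c.d/n' or 'a.b.c.d - e.f.g.h' (IPv4) into PCRE source."""
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = net[0], net[-1]
    else:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-"))
    if hi < lo:
        raise ValueError("range end is below range start")
    # Lookarounds stop matches inside longer numbers such as 124.120.1.640.
    return rf"(?<![\d.]){span_re(tuple(lo.packed), tuple(hi.packed))}(?!\.?\d)"

if __name__ == "__main__":
    for spec in ("124.120.1.64/28", "10.1.1.1 - 10.1.12.255"):  # inputs from the post
        print(spec, "->", net_re(spec))
```

Unlike the script's output above, each range gets its own pattern here; common prefixes across several ranges are not merged.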