Stan Hoeppner put forth on 9/12/2010 5:08 AM:
> mouss put forth on 9/12/2010 3:46 AM:
>
>> === header_checks_submission.pcre:
>> /^Received:\s*from\s+\S+\s+\(\S+\s+\[192\.168\.1\.\d+\]\)\s+by\s+your\.server\.example\s+\(Postfix\)/
>>
>> IGNORE
>
> Isn't this a bit heavy mouss? All he really needs to match is the
> RFC1918 address, yes? Something like should work shouldn't it?
>
> /^Received: from .*\[10(\.\d{1,3}){3}\]/ IGNORE
I just reread Ralph's last email. It would appear he's functioning in
an ISP submission type role. The Received: lines aren't going to be
containing an RFC1918 address, but public addresses.
My regex foo isn't as advanced as yours mouss, but it looks like your
regex above will only match if the IP is in 192.168.1.0/24 *and* his
server name is present. Given the varying public submission IPs, might
he want to strictly match on his server name string, and/or something else?
Ralph, do you restrict submission to only certain public subnets or do
you allow your users/customers to submit from any network? Could you
please provide a full non-obfuscated (except for private addresses)
header from a submission, copy/pasted from an MUA. I don't believe
server logs are going to show us everything we need to see here.
--
Stan
