mouss put forth on 3/6/2011 7:03 PM:

> /^.*foo/
> means "it starts with something followed by foo". and this is the same
> thing as "it contains foo", which is represented by
> /foo/

I was taught to always start my expressions with "/^" and end them with
"$/".  Why did Steven teach me to do this if it's not necessary?  Steven
being the author of the Enemies List:  http://enemieslist.com/ which
contains over 65,000 regexes matching FQrDNS patterns.

> well, you know I know these:) we all got spam from these...

As with most/all dynamic ranges.

> 1) first use IP ranges.
> 2) then domains (hash/cdb)
> for example:
> .alshamil.net.ae      REJECT blah blah
> because there is no point to try to match something like
>       auh-b113917.alshamil.net.ae
> 
> 3) then use regular expressions, but only when IPs and domains aren't
> the way to go.

Well, you know I know these mouss. :)  Have you ever been locked in a
certain train of thought and simply forgot to consider something
related, later putting hand to forehead and saying "Duh!"?  My mindset
was focused on showing how a single PCRE can block the same number of
hosts as using IP addresses in a CIDR or hash table.  I just didn't
consider the domain blocking aspect of hash tables at the time.  That's
the "Duh!".  I've been blocking domains with my hash table for something
like 6 years now...  I think some folks call this a "brain fart".  ;)

> no. IPs and domains are different things.
>
> cidr is about IPs. hash/cdb/pcre is about names. these are different
> things and you know that. use each as appropriate.

Of course.  But IPs are valid in a hash table.  You can even list them
by the equivalent of a /24, /16, and /8 if you like, simply by omitting
the last 1, 2, or 3 octets of the dotted quad.  Just as I "brain farted"
WRT using domains in a hash table, it appears you have done the same WRT
using IP addresses in a hash table. :)

I agree it makes more sense to block domains with hash/cdb and IPs with
CIDR.  I've been doing exactly that for 5 of the 6 years I've been
running Postfix.  The first year (maybe less) I blocked IPs with a hash
table, until I joined this list and learned about CIDR tables.  I'm
guessing most other new Postfix OPs go through the same
progression--most "beginners docs" returned via Google teach the hash
table and nothing else.

> if the ISP makes it too much, then you should reduce it:
> .embarqhsd.net        REJECT blah blah

Yeah, but then you end up potentially blocking large numbers of ham
servers in SOHO land, in this case "*.sta.embarqhsd.net".  Even in 2011
there are still hundreds of thousands or more SOHO MTAs on static IP
aDSL and cable circuits with generic rDNS.  I should know as I'm one of
them.  (Please let's not allow this to turn into yet another flame war
WRT generic rDNS, real OPs rent a VPS/colo, yada yada--I'm not directing
this at you mouss but to those predisposed to flog this dead, stripped
to the bone, horse carcass).

>>> a "better" example would be
>>> /(\W\d+){4}\..*\.embarqhsd\.net$/   REJECT ...
>>
>> "Better" in what way? 
> 
> in the sense that this can't be represented using hash or the like.

Ok.  So you're not showing this PCRE above because it better matches the
target rDNS string, or that the engine executes it faster or something,
etc.  You're simply saying don't use a PCRE for something you can match
using a simpler table, such as hash/cdb.  Correct?

-- 
Stan
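
The lookup order discussed in this message (IP ranges, then exact-match domain or truncated-address keys, then regular expressions), as a Python sketch added here for illustration; it is not code from either poster or from Postfix. The table contents other than the `.alshamil.net.ae` entry and the regex quoted above, the sample host names and the documentation-range addresses are constructed.

```python
import ipaddress
import re

# Constructed tables: only the .alshamil.net.ae entry and the regex are
# quoted in the thread; the networks are documentation ranges.
CIDR_TABLE = [ipaddress.ip_network("192.0.2.0/24")]
HASH_TABLE = {".alshamil.net.ae": "REJECT", "198.51.100": "REJECT"}
PCRE_TABLE = [re.compile(r"(\W\d+){4}\..*\.embarqhsd\.net$")]


def hash_keys(value):
    """Keys tried against an exact-match table: the full string, then
    shorter forms made by dropping the rightmost octet (IPv4 address) or
    the leftmost label (host name, parents written with a leading dot)."""
    parts = value.split(".")
    if all(p.isdigit() for p in parts):
        return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    return [value] + ["." + ".".join(parts[n:]) for n in range(1, len(parts))]


def classify(ip, rdns):
    """First match wins, in the order given in the thread:
    1) IP ranges, 2) exact-match keys, 3) regular expressions."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in CIDR_TABLE):
        return ("cidr", "REJECT")
    for key in hash_keys(rdns) + hash_keys(ip):
        if key in HASH_TABLE:
            return ("hash", HASH_TABLE[key])
    if any(rx.search(rdns) for rx in PCRE_TABLE):
        return ("pcre", "REJECT")
    return (None, "DUNNO")


def same_verdict(samples):
    """True when /^.*foo/ and /foo/ agree on every single-line sample."""
    return all(bool(re.search(r"^.*foo", s)) == bool(re.search(r"foo", s))
               for s in samples)


if __name__ == "__main__":
    # Constructed client records (address, reverse DNS name).
    for ip, name in [("203.0.113.9", "auh-b113917.alshamil.net.ae"),
                     ("198.51.100.20", "mail.example.org"),
                     ("203.0.113.10", "host-10-20-30-40.dyn.embarqhsd.net"),
                     ("203.0.113.11", "mail.example.embarqhsd.net")]:
        print(ip, name, classify(ip, name))
```

The last sample falls through all three tables, which is the case a blanket `.embarqhsd.net` hash entry would reject along with the numbered hosts.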

