On Fri, 2011-04-22 at 16:07 +0100, Niamh Holding wrote:
> I have a custom rule-
>
> header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+
> rdns=.*dip\.t-dialin\.net/i
^^
The rdns= part correctly is in the first block. The above marked pattern
to match any host runs wild, though -- it reads "any char, any number of
times" an thus happily consumes everything, including the square bracket
hop borders.
What you want instead is to match anything BUT a space /[^ ]+/. That
will prevent this part from matching beyond borders. More specifically,
it prevents matching any other data point and ensures the right hand
part actually is the rDNS as desired.
> describe NH_TDIALIN Received directly from dynamic t-dialin.net address
>
> Now the regex should only match on anything in the first [...] block
> of the X-Spam-Relays-Untrusted header (Note the ^[^\]]+ part of the
> pattern; that skips anything but "]" characters, ensuring that the
> match will only happen within the first [...] block of the
> pseudo-header string. so says the page at
> http://wiki.apache.org/spamassassin/TrustedRelays), however the rule
> is being triggered by this-
>
> [ ip=212.227.17.8 rdns=moutng.kundenserver.de helo=moutng.kundenserver.de
> by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= msa=0 ] [
> ip=84.165.216.65 rdns=p54A5D841.dip.t-dialin.net helo=labsco.de
> by=mrelayeu.kundenserver.de ident= envfrom= intl=0
> id=0MLOoU-1QCibS31jm-000eF3 auth= msa=0 ]
>
> where the t-dialin.net rdns is clearly in the second [...] block and indeed
> if I put the regex and the header in to my regex tester I get no match as
> expected.
The regex tester is broken.
> So why does Spamassassin find a match?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
