>>> On 5/17/2012 at 9:55 AM, John Hardin <jhar...@impsec.org> wrote: > On Wed, 16 May 2012, Joseph Acquisto wrote: > >>>>> On 5/16/2012 at 8:53 PM, "Joseph Acquisto" <j...@j4computers.com> wrote: >>>>>> On 5/16/2012 at 5:18 PM, Brent Gardner <bgardnermailingli...@gmail.com> >>>>>> wrote: >>>> >>>> How about: >>>> >>>> /\.ru\b/i >>> >>> I will give that a try. >> >> That worked. But I imagine it may trigger on innocuous instances of .ru as > well, so it should also include check for http:// and wildcard for domain. > > What were you doing that _didn't_ detect that? The "proper" way is this: > > uri URI_DOT_RU /\.ru\b/i > > ...and let the body parser figure out the "link" context. > > Is there some reason that won't work? > > Could you post the rule you were originally using? > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ >
I attempted to adapt something from a similar regex provided by a vendor of a commercial product. It was to detect country codes we do not want to accept mail from. No doubt my ignorance of SA and regex in general will be on display for the amusement of many. rawbody URI_RU m,^https?://[^.\.][ru]/,i joe a.
