At 03:31 PM 9/26/2015, jdow wrote:
On 2015-09-26 07:12, RW wrote:
On Fri, 25 Sep 2015 10:28:42 -0400
Dianne Skoll wrote:

On Fri, 25 Sep 2015 14:21:50 +0000
Dave <da...@grolen.com> wrote:

I am trying to create a rule that scores TLDs in received headers
if they are not certain TLDs. What I have so far:

Your logic is wrong.  And you can do it all with one regex:

header GC_TLD_COM Received !~/\.(?:com|net|org|edu|uk)\b/i

I won't comment on the advisability of such a rule; the policy is up
to you. Also beware that this will trigger on IPs with no reverse DNS.

There's usually a helo hostname even if there's no rDNS. The real
problem, as in the original rule, is that a single .com, .net etc
anywhere in the received headers causes it to fail.

Looking for any TLDs that aren't on a list is fraught with problems -
particularly if you try to do it with received headers.

You mean something like, "badnetizen.borg.combeduck.foobar.yukky"?

I think this is mitigated by the \. in the RE, to require "." before
com, net, etc. A slicker version of
header GC_TLD_COM Received !~/(?:\.com|\.net|\.org|\.edu|\.uk)\b/i
still has a problem with something like
blah.networkingandspammarketing.pw

Probably the RE could be improved to match only on the top level domain
in the url.




{O.O}
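
An added illustration, not part of any post in the thread: a Python sketch that runs the thread's regex over constructed Received headers, next to a check of only the final label of each hostname in the "from" clause. The header values and function names are assumptions made for the example.

```python
import re

ALLOWED_TLDS = {"com", "net", "org", "edu", "uk"}
# Regex from the thread; the rule uses !~, so it fires when this does NOT match.
THREAD_RE = re.compile(r"\.(?:com|net|org|edu|uk)\b", re.I)
LABEL = re.compile(r"[a-z0-9-]+")

def thread_rule_fires(received):
    """Emulate `Received !~ /.../i` against one Received header."""
    return THREAD_RE.search(received) is None

def unlisted_tlds(received):
    """Final labels of hostnames in the 'from' clause that are not allowlisted."""
    # Ignore the receiving server named after "by"; it is our own host.
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    found = set()
    for token in re.split(r"[\s()\[\];,]+", from_clause):
        labels = token.lower().rstrip(".").split(".")
        if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
            continue  # not a dotted hostname (keywords, "unknown", ...)
        tld = labels[-1]
        # isalpha() skips IP literals such as 192.0.2.10
        if tld.isalpha() and tld not in ALLOWED_TLDS:
            found.add(tld)
    return sorted(found)

# Constructed sample headers (documentation IP range, made-up hostnames).
SAMPLES = {
    # .com in the "by" clause alone stops the thread's rule from firing
    "by_clause": "from relay.example.pw (relay.example.pw [192.0.2.10]) "
                 "by mx.example.com with ESMTP; Sat, 26 Sep 2015 10:00:00 -0400",
    # an allowlisted label in a non-final position also satisfies \.com\b
    "mid_label": "from mail.com.example.pw (unknown [192.0.2.11]) "
                 "by mx.local with ESMTP; Sat, 26 Sep 2015 10:00:01 -0400",
    # ordinary allowlisted sender
    "listed": "from smtp.example.org (smtp.example.org [192.0.2.12]) "
              "by mx.example.com with ESMTP; Sat, 26 Sep 2015 10:00:02 -0400",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, thread_rule_fires(header), unlisted_tlds(header))
```
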

