On Tue, Apr 26, 2022 at 03:59:36PM +0200, Matus UHLAR - fantomas wrote:
> On 26.04.22 16:11, Henrik K wrote:
> > Maybe a bit safer version that doesn't log huge strings and run wild
> >
> > full FOO /^(?=.*?\nContent-Type:
> > message\/rfc822.{0,1024}?\nReceived:(?:[^\n]{1,100}\n\s{1,100}){0,3}[^\n]{0,100}\b1\.2\.3\.4\b)/s
>
> Doesn't this requires mime headers in specific order that may not be
> fullfilled?
Well if you want to match rfc822 contents, it's Received: headers can only
be after a rfc822 declaration.
Other than that it's up to you to figure out, since there's no samples. Of
course this doesn't replace a full parser, but as long as the stuff you
receive doesn't vary much, there's no reason for it not to work.
