Loren Wilton wrote:
Here's an odd Perl question: can you reference $1 and its siblings
within the regex itself? Such as:
/^\[ ip=(\d+)\.(\d+)\.(\d+)\.(\d+) rdns=\S*(0*($1|$2|$3|$4)\S){2,4}\S*
[^\]]* auth= /
You can do it, but it slows down the whole regex system as soon as you
have a capturing regex. Or so I'm told by the Perl regex docs. Use
backslashes, not dollar signs.
/^\[ ip=(\d+)\.(\d+)\.(\d+)\.(\d+) rdns=\S*(0*(\1|\2|\3|\4)\S){2,4}\S*
[^\]]* auth= /
As a side note, while I'm not completely sure what you are trying to
accomplish, it seems to me that if you just set your trust paths
correctly and enabled some of the net rules, 99% of this is already
caught with existing rules. You might want to tweak some scores or add
some metas. But rebuilding the entire logic to determine if the message
came from a forged host seems like a strange concept, when SA already
does that.
I'm not looking for a forged host. I'm looking for someone else's
dynamic/end client. Only one of the 5 tests I gave looks for a forged PTR
record.
The first one rejects people who have NO PTR record. The second rejects
people who have misconfigured their DNS in a fundamental way. The third
is the forged PTR record. The fourth and fifth ones are entirely about
"is this a dynamic/end client for some other network" (meaning: someone
who should be connecting to their own mail server instead of connecting
directly to my mail server). I'm not aware of any checks that duplicate
the effort of #4 and #5. If they already exist, I'd be glad to know.
You're right to some extent though. I mainly care about the 4th and 5th
check, and if SA already really handles the first 3, I don't need to
duplicate that effort. I do them all in one place now, in mimedefang,
because I want to be sure that the hostname I look at for #4 and #5 is
the actual legitimate hostname.
So... just for my curiosity, which tests specifically duplicate my
first 3 checks (so I can adjust their scores to suit my needs)? Or does
SA just generally cover those topics?
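
Added example (not part of the thread, and not SpamAssassin or mimedefang code): the pattern from the thread run in Perl against constructed relay lines, once with `\1`..`\4` and once with `$1`..`$4`, showing that the dollar form is filled in from an earlier match rather than from the line being tested. The sample lines, the sub names and the stand-in earlier match are assumptions made for the illustration, and the pattern is joined onto one line with a space where the mail wrapped it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed, simplified relay lines in the "[ ip=... rdns=... auth= ]"
# shape the thread's pattern expects. Addresses are documentation ranges.
my %sample = (
    dynamic => '[ ip=203.0.113.45 rdns=45-113-0-203.dyn.example.net helo=pc by=mx.example.org auth= ]',
    server  => '[ ip=192.0.2.10 rdns=mail.example.com helo=mail.example.com by=mx.example.org auth= ]',
    stale   => '[ ip=192.0.2.10 rdns=host-198-51.example.org helo=x by=mx.example.org auth= ]',
);

# Backslash form: \1..\4 are compared with the octets captured earlier in
# the same match attempt, so every line is tested against its own ip= value.
sub embeds_octets {
    my ($line) = @_;
    return $line =~ /^\[ ip=(\d+)\.(\d+)\.(\d+)\.(\d+) rdns=\S*(0*(\1|\2|\3|\4)\S){2,4}\S* [^\]]* auth= /
        ? 1 : 0;
}

# Dollar form: $1..$4 are interpolated into the pattern text before the
# match starts, so they carry whatever the last successful match captured.
sub embeds_octets_dollar {
    my ($line) = @_;
    # Stand-in for an earlier, unrelated match elsewhere in the program.
    '198.51.100.7' =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;
    return $line =~ /^\[ ip=(\d+)\.(\d+)\.(\d+)\.(\d+) rdns=\S*(0*($1|$2|$3|$4)\S){2,4}\S* [^\]]* auth= /
        ? 1 : 0;
}

# Print one verdict per sample for each form of the pattern.
for my $name (sort keys %sample) {
    printf "%-8s backslash=%d dollar=%d\n", $name,
        embeds_octets($sample{$name}),
        embeds_octets_dollar($sample{$name});
}
```

With the dollar form the "dynamic" line is missed and the "stale" line is flagged, because both are compared with the octets 198, 51, 100 and 7 left over from the stand-in match instead of their own addresses.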