Matus UHLAR - fantomas wrote:
I have made a few rules to match bodies of e-mail forwarded to our abuse
account. They should match if an IP from our range appears in the abuse
report:

body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

should match any IP from range 213.215.64.0/18

On 02.12.11 10:31, Kris Deugau wrote:
Only if this content is in the normal message body; if it's in an attachment or in the outer message headers this won't match.

header __GTSSK_IP04 Received =~ /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

If you're trying to match on RFC822 attached emails, you'll need to use the "mimeheader" rule type,

I am afraid this does not apply to Received: headers.
At least this rule:

mimeheader T_BLAH Received =~ /62\.168\.116\.69/

did not match this line:

Received: from [62.168.116.69] (helo=ns.nitranet.sk)

with some negating rules to prevent hits on the outer message's headers. *sigh*

Well, that is something I would like to avoid...

It's quite possible that received messages will have our IP ranges in their headers.

I have tried to use "rawbody" rule but still no match.

I have SA 3.3.1 with perl 5.8.8 on gentoo linux...
can either of those cause the problem?

I've had the same sort of trouble matching the rejected message header in backscatter bounces. (If someone can explain to me why I should allow structurally legitimate postmaster notices responding to fake Twitter, Facebook, Linked, etc messages into customer's email accounts, I'm listening...)

I've found I need to have a rawbody rule *and* mimeheader+(!header) in order to catch all of the variations assorted mail systems and mail clients generate. :(

which SA version?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
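An added example, not part of the original thread: a Python check that the `__GTSSK_IP04` pattern quoted above agrees with real membership in 213.215.64.0/18 for every third octet, plus a parsed (non-regex) scan of a report body. The sample text is constructed, apart from the Received line quoted in the thread, and the helper names are hypothetical.

```python
import ipaddress
import re

# Pattern copied from the __GTSSK_IP04 rule in the thread.
RULE_RE = re.compile(r"\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d")
NET = ipaddress.ip_network("213.215.64.0/18")

# Loose dotted-quad finder, used only to pull candidate addresses out of text.
CANDIDATE_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed abuse report body; only the first Received line is from the thread.
SAMPLE = """\
Forwarded complaint follows.
Received: from [62.168.116.69] (helo=ns.nitranet.sk)
Received: from mail.example.net ([213.215.70.12]) by mx.example.org
Connection attempts also seen from 213.215.128.5 and 213.215.64.999
"""


def regex_disagreements():
    """List addresses where the rule regex and CIDR membership disagree."""
    bad = []
    for third in range(256):
        for fourth in (0, 7, 255):
            addr = f"213.215.{third}.{fourth}"
            in_net = ipaddress.ip_address(addr) in NET
            hit = RULE_RE.search(addr) is not None
            if in_net != hit:
                bad.append(addr)
    return bad


def addresses_in_range(text):
    """Return addresses in text that parse as IPv4 and fall inside NET."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. 213.215.64.999: the rule regex hits, but it is not an address
        if ip in NET:
            found.append(str(ip))
    return found


if __name__ == "__main__":
    print("regex/CIDR disagreements:", regex_disagreements())
    print("in-range addresses:", addresses_in_range(SAMPLE))
```

The pattern covers exactly third octets 64 through 127, but because it ends at `\.\d` it also hits strings such as `213.215.64.999` that are not valid addresses.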
