Three-way match headache

Philip Hachey PHachey at CITY.CORNWALL.ON.CA
Thu Jul 28 15:33:33 IST 2005 

As Julian pointed out, any regexp that contains only numbers is supposed
to match IP addresses, not domain names.  Can anyone confirm this?

As to the complication of the regexp:

Most ISPs are (or should be) sending from one (or as few as possible) IP
addresses anyway.  Multiple receiving hosts (MXs) are more common, but
not the concern here.  Outside of asking or careful observation, the only
way to know the "extra" addresses from which a domain sends is if you're
fortunate enough that they have published an SPF record.

Anyway, I think this way is nicer than having to rewrite the entire rule
for each possible IP address.

Consider a domain name that sends from three addresses.  Using your
proposed style of rule if it is implemented in MS:

From: aa.aa.aa.aa     andFrom: user at domain     andTo: otherdomain     yes
From: bb.bb.bb.bb     andFrom: user at domain     andTo: otherdomain     yes
From: cc.cc.cc.cc     andFrom: user at domain     andTo: otherdomain     yes

Using the regexp method I proposed which MS is already capable of
(assuming it works):

From: user at domain     andFrom:
/^(?!(aa\.aa\.aa\.aa|bb\.bb\.bb\.bb|cc\.cc\.cc\.cc))$/     no
From: user at domain     andTo: otherdomain     yes

Which seems a bit easier to manage, in my opinion.

Regards,
----------------------------------
Philip J. Hachey, BCS(High Hons)
Programmer-Analyst
City of Cornwall



Chuck Foster <chuck.foster at STREAMSHIELD.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>

2005-07-28 04:54
Please respond to MailScanner mailing list
       
        To:        MAILSCANNER at JISCMAIL.AC.UK
        cc:        
        Subject:        Re: Three-way match headache


Hmm, from what I can tell in RuleToRegexp, a /..../ expression is
automatically text (ie. domain check) and not IP-based, unfortunately.
 
But it was a nice idea, though with multiple incoming mail servers that
could get to be quite a nasty regexp!
 

Assuming Perl regexp "extended patterns" (I haven't tried) can be used,
consider the following two lines in the order presented:

From: user at domain     andFrom: /^(?!ip\.ad\.dr\.es)$/     no
From: user at domain     andTo: otherdomain                 yes

The regular expression in the first line basically says to act "no" if
the message is from user at domain but NOT from the specified IP address.

Good luck.


               From: ip.ad.dr.es and From: user at domain and To:
otherdomain   yes


This message should be regarded as confidential. If you have received
this
email in error please notify the sender and destroy it immediately.
Statements of intent shall only become binding when confirmed in hard
copy
by an authorized signatory.

 

This message has been scanned for viruses and potentially harmful content
by StreamShield Protector.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



    [ Part 2, "S/MIME Cryptographic Signature"  ]
    [ Application/X-PKCS7-SIGNATURE  5.4KB. ]
    [ Unable to print this part. ]

More information about the MailScanner mailing list