wildcards in whitelist
Furnish, Trever G
TGFurnish at herffjones.com
Thu Feb 22 22:27:05 CET 2007
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mikea
> Sent: Friday, February 16, 2007 12:29 PM
> To: MailScanner discussion
> Subject: Re: wildcards in whitelist
>
> On Fri, Feb 16, 2007 at 10:02:48AM +0100, shuttlebox wrote:
> > On 2/15/07, mikea <mikea at mikea.ath.cx> wrote:
> > >I think it does. Typically, I'll use whitelist entries in
> this form:
> > >
> > >FromOrTo: *@domain.com yes
> > >
> > >to catch the case in which good mail comes directly from
> domain.com,
> > >and
> > >
> > >FromOrTo: *@*.domain.com yes
> > >
> > >for cases in which all subdomains send good mail.
> >
> > Shouldn't just *domain.com cover that?
>
> No.
>
> *boo.com would cover boo.com, a.boo.com, and so on, but also
> would cover aboo.com, taboo.com, cariboo.com, and other
> possibly undesirable cases. The "." is important.
Aren't they supposed to be perl regexes, and in that case, doesn't
.boo.com still match aboo.com?
In perl (and most other regex implementations AFAIK) the period
represents a single occurance of (almost) any character, so the
following command line:
echo aboo | perl -ne 'print "yes\n" if (/.boo/)'
...does in fact print "yes". If you don't want . to match 'any
character', then you should escape it with a backslash.
Actually I've wondered frequently whether this weren't a mistake in the
MailScanner examples, but have never taken the time to go through the
code and decide for certain. There is an occurance of "\." in the
rules/EXAMPLES file for escaping the periods between octets in an ip
address. I don't see anything to indicate that it shouldn't also be
used between domain parts.
More information about the MailScanner
mailing list