wildcards in whitelist

Glenn Steen glenn.steen at gmail.com
Fri Feb 23 09:35:01 CET 2007 

On 22/02/07, Furnish, Trever G <TGFurnish at herffjones.com> wrote:
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of mikea
> > Sent: Friday, February 16, 2007 12:29 PM
> > To: MailScanner discussion
> > Subject: Re: wildcards in whitelist
> >
> > On Fri, Feb 16, 2007 at 10:02:48AM +0100, shuttlebox wrote:
> > > On 2/15/07, mikea <mikea at mikea.ath.cx> wrote:
> > > >I think it does. Typically, I'll use whitelist entries in
> > this form:
> > > >
> > > >FromOrTo:       *@domain.com            yes
> > > >
> > > >to catch the case in which good mail comes directly from
> > domain.com,
> > > >and
> > > >
> > > >FromOrTo:       *@*.domain.com          yes
> > > >
> > > >for cases in which all subdomains send good mail.
> > >
> > > Shouldn't just *domain.com cover that?
> >
> > No.
> >
> > *boo.com would cover boo.com, a.boo.com, and so on, but also
> > would cover aboo.com, taboo.com, cariboo.com, and other
> > possibly undesirable cases. The "." is important.
>
> Aren't they supposed to be perl regexes, and in that case, doesn't
> .boo.com still match aboo.com?
>
> In perl (and most other regex implementations AFAIK) the period
> represents a single occurance of (almost) any character, so the
> following command line:
>
>         echo aboo | perl -ne 'print "yes\n" if (/.boo/)'
>
> ...does in fact print "yes".  If you don't want . to match 'any
> character', then you should escape it with a backslash.
>
> Actually I've wondered frequently whether this weren't a mistake in the
> MailScanner examples, but have never taken the time to go through the
> code and decide for certain.  There is an occurance of "\." in the
> rules/EXAMPLES file for escaping the periods between octets in an ip
> address.  I don't see anything to indicate that it shouldn't also be
> used between domain parts.
>
You can actually test this;-).
Observe:
-----
# MailScanner --changed|grep virusscanning
virusscanning                      yes            RULESET:Default=yes
# grep glenn.steen /etc/MailScanner/rules/virus.whitelist.rules
From:   glenn.steen at aa.ap1.se                           no
# MailScanner --from=glenn.steen at aa.ap1.se --to=glenn.steen at ap1.se
--value=virusscanning
Looked up internal option name "virusscan"
With sender = glenn.steen at aa.ap1.se
  recipient = glenn.steen at ap1.se
Client IP =
Virus =
Result is "0"

0=No 1=Yes
# MailScanner --from=glenn.steen at aaaap1.se --to=glenn.steen at ap1.se
--value=virusscanning
Looked up internal option name "virusscan"
With sender = glenn.steen at aaaap1.se
  recipient = glenn.steen at ap1.se
Client IP =
Virus =
Result is "1"

0=No 1=Yes
#
-----
So the answer is: No, that is not straight perl REs, if you want that
you need enclose the RE in slashes like /.*@example.net/ (btw, a lone
asterisk is _not_ a generic glob-like wildcard in perl, it is a "0 or
more" repetition indicator... sort of a shorthand for {0,} ... You do
need tell perl _what_ to repeat;-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list