OT: Perl Compatible Regular Expressions

Paul Welsh paul at welshfamily.com
Mon Dec 19 23:52:36 GMT 2011


On 18 Dec 2011 14:06:33 Chris Rees <utisoft at gmail.com> wrote:
>
> Example regexes:
>
> ^smtp-out-[0-9]+-[0-9]+.amazon.com$
>
> (using the beginning delimiter ^ and end delimiter $ makes the regex
> much faster too since if the first character fails to match it skips
> that regex and also stops matching mail13.domain.com.evil.scammer.com)
>

Thanks very much, Chris.  It was the ^ and $ that made the difference!

For anyone else using the greylist at
http://packages.debian.org/unstable/mail/greylistd along with Exim
4.6, it's worth noting that the whitelist-hosts file doesn't support
listing IPs in this format, even though the documentation says it
does:
123.123

Instead, it would have to be:
123.123.0.0/16

So too, subnets have to be whole octets so using /19 for example doesn't work.

The Perl compatible regular expressions do work but some brief testing
shows that the FQDNs of the big boys like Amazon, Facebook, Google,
Hotmail, Messagelabs, etc. are pretty complex and using a Perl
compatible regular expression would be a nightmare.  So simply using
the domain name works pretty well, e.g., *.amazon.com.  By work, I mean
that a spammer could use:
helo mail.amazon.com
and this would not fool the greylist daemon; a reverse lookup on IP is done.

For companies that use a smaller range of mail servers then regex may
work better but then again, an IP range is probably just as effective.
Of course, if a large company had mail servers named mail01, mail02
... mail99 but they were geographically distributed then using regex
would save typing lots of IPs.

So, after all that, regex is probably of limited use.

Hopefully someone else may find this of interest in future.
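
Added example, not part of the original post and not greylistd's own code: a small check of what the ^ and $ anchors discussed above buy when a whitelist regex is applied to a reverse-DNS name, and what the unescaped dots in the quoted pattern still let through. It assumes Python's re behaves like PCRE for these patterns and that patterns are applied as an unanchored search; all hostnames are constructed.

```python
import re

# Constructed reverse-DNS names. Python's re stands in for PCRE here (assumption),
# and patterns are applied with search(), i.e. unanchored unless ^/$ are given.
LEGIT = "smtp-out-12-34.amazon.com"
LOOKALIKES = [
    "smtp-out-12-34.amazon.com.evil.scammer.com",  # wanted name used as a prefix
    "x.smtp-out-12-34.amazon.com.example.net",     # wanted name buried in the middle
    "smtp-out-12-34xamazon.com",                   # other domain; only an unescaped '.' matches
]

PATTERNS = {
    "unanchored": r"smtp-out-[0-9]+-[0-9]+.amazon.com",
    "anchored (as quoted)": r"^smtp-out-[0-9]+-[0-9]+.amazon.com$",
    "anchored, dots escaped": r"^smtp-out-[0-9]+-[0-9]+\.amazon\.com$",
}


def false_accepts(pattern, names=LOOKALIKES):
    """Return the lookalike names that a whitelist pattern would wrongly accept."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [name for name in names if rx.search(name)]


def audit(patterns=PATTERNS):
    """Map each pattern label to (matches_legit, list_of_false_accepts)."""
    report = {}
    for label, pattern in patterns.items():
        matches_legit = re.search(pattern, LEGIT, re.IGNORECASE) is not None
        report[label] = (matches_legit, false_accepts(pattern))
    return report


if __name__ == "__main__":
    for label, (ok, bad) in audit().items():
        print(f"{label:24} legit={ok} false_accepts={bad}")
```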


More information about the MailScanner mailing list