--On Thursday, March 18, 2004 6:10 pm +0000 Chris Edwards
<chris@???> wrote:
>| No, but I've had the following rule in my bogus-virus-warnings
>| SpamAssasin ruleset since earlier today; I guess you could drop the
>| regex into the DATA ACL equally well:
>
> Like this:
>
> deny condition = ${if match{$h_X-Priority:}{3}{yes}{no}}
> condition = ${if match{$message_body}{<OBJECT STYLE=\"display:none\" *\
> DATA=\"http:\/\/[0-9\.]+:81\/[0-9]+\.php\">} {yes} {no}}
Is that right? Isn't this going to look for an IP address with a trailing
dot, like 1.1.1.1.:81? Shouldn't the regexp look like this:
...\"http:\/\/[0-9\.]+[0-9]+(:[0-9]+)?\/[0-9]+\.php\"...
Note, I've made the port number variable, and optional, too, I think.
> The test of X-Priority header is meant to allow discussion of the recipe.
>
> Note we've seen some with 2 spaces before the "DATA".
>
> Chris
>
> --
> Chris Edwards, Glasgow University Computing Service
>
> --
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
>## details at http://www.exim.org/ ##
>
--
Ian Eiloart
Servers Team
Sussex University ITS
