Dennis Davis wrote:
> On Fri, 9 Jun 2006, list1 wrote:
> > In the above examples the only the thing that is in common, that
> > none of them have any "." in the HELO. Is there a way to find them
> > with regex?
>
> Something like:
>
> deny message = Rejected because of unacceptable syntax in \
> HELO/EHLO name:\n\
> $sender_helo_name\n\
> This is commonly associated with misconfigured \
> mail software;\n\
> see RFC2821 section 4.1.2 for legal domain syntax.
> log_message = invalid HELO syntax $sender_helo_name
> condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
>
> should do it.
>
> You might also like to reject a few others indicating a suspect host,
> eg hosts thinking they're called "localhost.localdomain".
This RE might be better, but i haven't tested it much.
^[^.]+(?:\..*?)?\.[^.]{2,4}$
It was tested with a few strings using perl. I'm not sure if pcre supports
(?: but since it's supposed to be perl compatible, it should.
It will only accept names that appear proper.
It does this:
requires that the string not being with a dot.
requires that the end of the string be in the form of .<tld> (2 to 4 letter
tld).
It does block localhost.localdomain, and any string w/o a dot.
--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???
