Hi,
since a couple of weeks I'm using a mixed list of hostnames and regex
to recognise typical dialup reverse-DNS entries, which is surprisingly
successful ... (it catches 80+ % of all the SPAM I get)
In exim everything works like a charm, however, to improve and fine-tune
my regex and localbl (see below) I'd like to be able to test a certain
hostname (reverse-DNS) outside of exim (perhaps with pcretest?) against
every single regex (=line in the file) and report if it matched.
What makes it even more complicated is, that it's not only regex but
also jokered hostnames like '*.res.rr.com' which AFAIK can't be tested
with pcretest ...
So I'm looking for a way to run a given hostname, let's say
'cpe-069-132-056-130.carolina.res.rr.com'
would match four rules from dynamic_genregx:
^.*(\d+[\.-]\d+[\.-]\d+).*\.[a-z]{2,5}$
^.*[[:alnum:]]+-\d+-[[:alnum:]]+.*\.[a-z]{2,5}$
^.*\d.*\d.*\d.*\d.*\d.*\d.*\.[a-z]{2,5}$
^.*[0-9\.-]{8}.*\.[a-z]{2,5}$
AND the following rule from dynamic_localbl
*.res.rr.com
of course I can put these into pcretest one at a time, but what I'd
like to have is 'something' that runs the tests in the same way exim
does ...
I've tried exim_checkaccess (with a slightly modified config file
using deny instead of warn) but that doesn't tell me *which* rule
matched (if any) and it doesn't test further rules after one matched.
But I want to find *all* the rules that match a certain name ...
This is what the lists look like, a generic and a specific, each
of them stored in a separate file which looks like this:
file: dynamic_genregx
^(?i)(.*[0-9-]{4}.*)?((a|v)?dsl|cable|dhcp|(in)?dial(in|up)?|dyn(amic)?(ip)?|\
ppp(oe)?|(pp)?pool|broadband)([0-9-]{3}.*|.*[0-9-]{3})?\..{2,}\.[a-z]{2,5}$
^.*(\d+[\.-]\d+[\.-]\d+).*\.[a-z]{2,5}$
^.*[[:alnum:]]+-\d+-[[:alnum:]]+.*\.[a-z]{2,5}$
^.*\d.*\d.*\d.*\d.*\d.*\d.*\.[a-z]{2,5}$
^.*[0-9\.-]{8}.*\.[a-z]{2,5}$
file: dynamic_localbl (excerpt - list is much longer)
*.pools.arcor-ip.net
*.pppool.de
*.res.rr.com
^pool-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\..*\..*.verizon.net$
^.*\.(sdi|(internet|a)dsl)\.tpnet\.pl$
^\d+\.ds\.nac\.net$
^\w\d+-\d+-\d+-\d+\.cybersurf\.com$
and they're used like this:
hostlist dynamic_localbl = CONFDIR/dynamic_localbl
hostlist dynamic_genregx = CONFDIR/dynamic_genregx
#####################################################
#
# check sender_host_name for typical dialups
warn
log_message = DEBUG: DYNIP generic regex
hosts = +dynamic_genregx
set DTDYNIP = ${eval: $DTDYNIP + 1 }
#####################################################
#
# local dialup blacklist
warn
log_message = DEBUG: DYNIP local blacklist
hosts = +dynamic_localbl
set DTDYNIP = ${eval: $DTDYNIP + 2 }
any idea, help, hints welcome ...
thanks in advance
- Karl