Craig Jackson wrote:
> Often an ehlo is of the form server23.mx23.domain.com. I would like
> to record only domain.com from the ehlo into a database. This is what I
> have,
>
> warn condition = ${lookup mysql{CAPTURE_EHLO}{yes}{no}}
>
> where CAPTURE_EHLO is
> CAPTURE_EHLO = UPDATE whitelist SET \
> ehlo='${quote_mysql:${sg {$sender_helo_name} \
> {\N(?<![^.]*\.(com|net|edu|gov|org))\N}{}}}' \
> WHERE domain='${quote_mysql:$sender_address_domain}'
>
> But I get error " lookbehind assertion is not fixed length at offset 32"
> Not only that, my expression limits me to only a few TLDs.
>
> This appears to me to require some kind of regex to strip the
> server123.mx23. away. Can someone take this a bit farther?
Here's a useful list of all the two level tlds that are out there too!
http://spamcheck.freeapp.net/two-level-tlds
.. and all the generic TLDs
http://www.iana.org/gtld/gtld.htm
I've been meaning to put this type of thing in place for URL scanning ..
just haven't done it yet. I sure wouldn't like to see the regex!! I
thought I'd just stick it in a separate program that does all that
processing anyway ;)
--
oops, don't have my signature here!
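
The separate-program approach mentioned in the reply, sketched in Python as an added example that is not part of the original thread: it matches against a suffix list rather than using a regex, and returns nothing for HELO values that are not plain hostnames, since the client chooses that string. The function name `helo_base_domain` is hypothetical and `TWO_LEVEL_SUFFIXES` is a small constructed sample standing in for a full two-level list such as the one linked above.

```python
import re

# Constructed sample; a real deployment would load the full two-level
# suffix list from a file instead of hard-coding a handful of entries.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def helo_base_domain(helo, suffixes=TWO_LEVEL_SUFFIXES):
    """Return the registrable domain of a HELO/EHLO name, or None.

    The HELO name is supplied by the remote client, so anything that is
    not a plain multi-label hostname (IP literals, bare words, names with
    characters outside the hostname set) yields None and is not stored.
    """
    name = helo.strip().rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    if labels[-1].isdigit():      # dotted-quad address sent as a HELO name
        return None
    # Keep three labels when the last two form a known two-level suffix,
    # otherwise keep two. No TLD alternation and no lookbehind is needed.
    keep = 3 if ".".join(labels[-2:]) in suffixes else 2
    if len(labels) < keep:        # the name is itself only a suffix ("co.uk")
        return None
    return ".".join(labels[-keep:])


if __name__ == "__main__":
    for sample in ("server23.mx23.domain.com", "mail.example.co.uk",
                   "[192.0.2.1]", "localhost"):
        print(sample, "->", helo_base_domain(sample))
```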