Author: alxgomz
Date:
To: Todd Lyons, alexandre
CC: exim-users, Peter
Subject: [exim] Re :Re: extract ip from Received lines in ACL
On 14 Sept. 2009 05:07, Todd Lyons <tlyons@???> wrote:
> On Sun, Sep 13, 2009 at 2:16 PM, alexandre <alxgomz@???> wrote:
> > This is part of a regex that I wrote for a python script.
> > You'll certainly need to adapt it for perl and complete it for your own
> > mailservers/network but may be a good start.
> > As is, IP is the 3rd subgroup of the regex.
> >
> > 'Received:\ from\ ([\[\w\-_]+\.)*\w+\]?\s*\(([\w\-\_]+\.)*\w*\s*
> > \[((\d{1,3}\.){3}\d{1,3})\]\)\s+by\s+'
> As long as the IP address reverse resolves, it will be the third
> group. If the host does not reverse resolve, then there will only be
> two groups. In my log parsing script, I use this:

Yes, that's true, but do you accept mail from hosts that don't have
reverse lookup? If so, you should not.
Even your own clients (relay networks) should have PTR records in some
form like "stuff.like.reversed.ip.dyn.dial.in-addr.arpa"

> my $host_in3_regex='(\S+) \([\w.]+\)( \[[\d.]+\])';
> my $host_in2_regex='\(\S+\) (\[[\d.]+\])';
> my $host_out2_regex='(\S+ \[[\d.]+\])\*?';
> my $host_in2b_regex=$host_out2_regex;
> In the first, I capture the hostname, reverse hostname, and IP
> separately. In the second I capture the hostname and IP separately.
> In the last one, I capture the hostname and IP together (has to do
> with how I stuff it in the database).
> --
> Regards... Todd
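
An added example, not code from either poster: a Python parser for the `from <helo> (<rdns> [<ip>]) by` header shape discussed in this thread. It uses named groups so the IP is read by name whether or not a reverse-DNS name is present, and it rejects out-of-range octets. The function name, the unfolded single-line input and the sample headers are assumptions.

```python
import ipaddress
import re

# Format assumed from the regex in the thread: "from <helo> (<rdns> [<ip>]) by".
# The <rdns> part is optional, which covers hosts without a PTR record.
# Input is assumed to be an already unfolded (single-line) header.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\[?[\w.\-]+\]?)\s*"
    r"\(\s*(?:(?P<rdns>[\w.\-]+)\s+)?\[(?P<ip>[\d.]+)\]\)\s+by\s",
    re.IGNORECASE,
)


def parse_received(line):
    """Return (helo, rdns, ip) or None; ip is validated, rdns may be None."""
    m = RECEIVED_RE.match(line)
    if m is None:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        # e.g. 999.1.1.1 satisfies \d{1,3} but is not an IPv4 address
        return None
    return m.group("helo"), m.group("rdns"), str(ip)


# Constructed sample headers (documentation address ranges), not real traffic.
SAMPLES = [
    "Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net",
    "Received: from client.example ([198.51.100.7]) by mx.example.net",
    "Received: from [203.0.113.5] (unknown [203.0.113.5]) by mx.example.net",
    "Received: from bad.example (bad.example [999.1.1.1]) by mx.example.net",
    "Received: by mx.example.net with local",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_received(sample))
```

Only the Received line written by your own server carries an address you observed yourself; lines below it are supplied by the sending side.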