Templates [was: Prediction ...]
Matthias Andree
matthias.andree at gmx.de
Sun Jul 4 11:48:46 CEST 2004
On Fri, 02 Jul 2004, Tom Allison wrote:
> The two problems are the identification of a proper regex for parsing
> out the IP address correctly. I do think perl could do this really well
> in one line.
>
> For example:
> gizmo11ps.bigpond.com (gizmo11ps.bigpond.com [144.140.71.21])
> by cling.tacocat.net (Postfix) with SMTP id 5F3C54C081
>
> Should work out to:
> /(\d+\.\d+\.\d+\.\d+).+?by $fqdn_localhost/o
> Should set $1 to the IP address every time.
It's a bit optimistic because albeit the Received: headers are
structured, there is a certain amount of freedom what is recorded there
and the other difficulty (I'm jumping in later into the discussion,
haven't read all the earlier posts) is figuring out which Received:
header is the right one to choose. Of course, RFC-1918 and reserved IPs
(as per the IANA IPv4 Address Assignments) are not it but you really
don't want to rely on a Received: header that a spammer or proxy has
recorded that you don't trust.
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
More information about the Bogofilter
mailing list