Templates [was: Prediction ...]

[Matthias Andree]

On Fri, 02 Jul 2004, Tom Allison wrote:

> The two problems are the identification of a proper regex for parsing 
> out the IP address correctly.  I do think perl could do this really well 
> in one line.
> 
> For example:
> gizmo11ps.bigpond.com (gizmo11ps.bigpond.com [144.140.71.21])
>         by cling.tacocat.net (Postfix) with SMTP id 5F3C54C081
> 
> Should work out to:
> /(\d+\.\d+\.\d+\.\d+).+?by $fqdn_localhost/o
> Should set $1 to the IP address every time.

It's a bit optimistic because albeit the Received: headers are
structured, there is a certain amount of freedom what is recorded there
and the other difficulty (I'm jumping in later into the discussion,
haven't read all the earlier posts) is figuring out which Received:
header is the right one to choose. Of course, RFC-1918 and reserved IPs
(as per the IANA IPv4 Address Assignments) are not it but you really
don't want to rely on a Received: header that a spammer or proxy has
recorded that you don't trust.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)