Templates [was: Prediction ...]

Tom Allison tallison at tacocat.net
Mon Jul 5 15:12:19 CEST 2004


Matthias Andree wrote:
> On Fri, 02 Jul 2004, Tom Allison wrote:
> 
> 
>>The two problems are the identification of a proper regex for parsing 
>>out the IP address correctly.  I do think perl could do this really well 
>>in one line.
>>
>>For example:
>>gizmo11ps.bigpond.com (gizmo11ps.bigpond.com [144.140.71.21])
>>        by cling.tacocat.net (Postfix) with SMTP id 5F3C54C081
>>
>>Should work out to:
>>/(\d+\.\d+\.\d+\.\d+).+?by $fqdn_localhost/o
>>Should set $1 to the IP address every time.
> 
> 
> It's a bit optimistic because albeit the Received: headers are
> structured, there is a certain amount of freedom what is recorded there
> and the other difficulty (I'm jumping in later into the discussion,
> haven't read all the earlier posts) is figuring out which Received:
> header is the right one to choose. Of course, RFC-1918 and reserved IPs
> (as per the IANA IPv4 Address Assignments) are not it but you really
> don't want to rely on a Received: header that a spammer or proxy has
> recorded that you don't trust.
> 

I wouldn't dream of doing that.

But the header that is received by the fqdn of your mail server _should_ 
be one of the most accurate/truthful headers in the bunch.

I haven't been exhaustive, but I haven't found any exceptions yet where 
I did not write the header myself.  It is possible that someone else 
might forge your Received header before sending it to you, giving you two 
entries that are received by you, but pick the last one and you aren't 
very likely to go wrong.
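
An added example (not part of the original post, and not bogofilter code) of the selection rule discussed in this thread: take the Received: header stamped by your own host, and take the peer address from that header only. It assumes Postfix-style `(name [ip])` formatting and reads "the last one" as the most recently added header, which is the topmost one because each MTA prepends its own; the function names and the second, forged header are constructed for illustration.

```python
import email
import ipaddress
import re

LOCAL_FQDN = "cling.tacocat.net"  # receiving host in the post's sample header

# Constructed sample: the post's header on top, and below it a header the
# sender forged to look as if our host had written it.
SAMPLE = (
    "Received: from gizmo11ps.bigpond.com (gizmo11ps.bigpond.com [144.140.71.21])\n"
    "        by cling.tacocat.net (Postfix) with SMTP id 5F3C54C081\n"
    "Received: from relay.example (relay.example [203.0.113.7])\n"
    "        by cling.tacocat.net (Postfix) with SMTP id 0000000000\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def own_received(raw_message, local_fqdn=LOCAL_FQDN):
    """Topmost Received: value stamped 'by <local_fqdn>', or None."""
    by_local = re.compile(r"\bby\s+" + re.escape(local_fqdn) + r"\b", re.I)
    msg = email.message_from_string(raw_message)
    # get_all() keeps message order: topmost (most recently added) first.
    for value in msg.get_all("Received", []):
        if by_local.search(value):
            return value
    return None

def peer_ip(raw_message, local_fqdn=LOCAL_FQDN):
    """Peer address our MTA recorded, or None if absent or not public."""
    value = own_received(raw_message, local_fqdn)
    if value is None:
        return None
    # Only the bracketed address directly before "by" is used: the HELO
    # name earlier in the line is whatever the client chose to send.
    pattern = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+" + re.escape(local_fqdn)
    m = re.search(pattern, value, re.I)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None
    # Drop RFC 1918 and reserved ranges; never fall back to lower headers.
    return str(ip) if ip.is_global else None

if __name__ == "__main__":
    print(peer_ip(SAMPLE))
```
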


