
Re: Regexp for blocking dynamic hosts?

  • pf at alt-ctrl-del.org
    Message 1 of 19 , Aug 31, 2010
      On 2010-08-31 4:45 PM, Charles Marcus wrote:
      >
      > Yep, in that it shows why I really should read all of a post before
      > asking questions about it.
      >
      > I was only looking at the one example line you included in the body - I
      > neglected the last part about the *file* to download that contained all
      > of the expressions... ;)
      >

      I don't use this... I just combined several regexp lines into two long lines
      as generic examples.
      I'm sure that it can be done more efficiently, and that using this "as is"
      may lead to false positives.

      # guess at some .cc residential connections
      /(\.|-)static(\.|-)/ DUNNO
      #
      /^.*[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)(.?dsl|dyn(amic|-ip|ip)?|ppp(oe|ool)?|pools?|cable|dhcp|res)\..*\.[a-z][a-z]$/
          550 cc1 residential IP addresses prohibited
      #
      /^.*[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+.*(\.(.?dsl|dyn(amic|-ip|ip)?|ppp(oe|ool)?|pools?|cable|dhcp|res)\.).*\.[a-z][a-z]$/
          550 cc2 residential IP addresses prohibited
      #

      Test cc1 matches
      postmap -q 200-161-108-143.dsl.telesp.net.br regexp:/etc/postfix/filename
      postmap -q 200-161-108-143.adsl.any.name.cc regexp:/etc/postfix/filename
      postmap -q 200.161.108.143.cable.any.cc regexp:/etc/postfix/filename
      postmap -q mm-200-161-108-143-dynip.any.mgts.xx regexp:/etc/postfix/filename

      Test cc2 matches
      postmap -q 200.161.108.143.spacer.labels.cable.any.cc regexp:/etc/postfix/filename
      postmap -q 200-161-108-143.spacer.labels.dynamic.any.cc regexp:/etc/postfix/filename

      Test non match
      postmap -q pools.cc regexp:/etc/postfix/filename
      postmap -q 123.dynamic.data.pools.any.cc regexp:/etc/postfix/filename

      To add more label matches, just add more | options.
      Like:
      cpe|cust|broadband|user|anything|else
    • mouss
      Message 2 of 19 , Sep 1, 2010
        On 31/08/2010 00:40, Stan Hoeppner wrote:
        > Patrick Lists put forth on 8/30/2010 4:34 PM:
        >> Hi,
        >>
        >> I got a lot of spam lately from dynamic hosts so gradually I have been
        >> adding rules to block them with the help of the rules from
        >> http://gabacho.reto.jp/en/anti-spam/anti-spam-system.html
        >>
        >> Unfortunately this type keeps slipping through:
        >> Received: from 200-161-108-143.dsl.telesp.net.br
        >>
        >> My regex foo is pretty non-existent. Does anyone know what regexp line
        >> would block such a hostname?
        > /^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.(customer|dsl|dial-up)\.telesp\.net\.br$/
        > REJECT Generic - Please relay via ISP (telesp.net.br)


        well, in this particular case, there's no point to be specific. a hash like
        .dsl.telesp.net.br REJECT ....
        is more than enough.

        anyway, pcre is nice:
        /^(\d+\W){3}\d+\.foo\.example$/ REJECT blah blah


        > That's all one line, TB wrapped it. You may as well just use this.
        > Over 1600 regex patterns matching generic dynamics and statics. Rejects
        > all generic dynamics, tags generic statics. Provided with no
        > warranties, use at your own risk, etc. Has worked well here.
        >
        > http://www.hardwarefreak.com/fqrdns.regexp
        >
        > Use in main.cf as:
        >
        > check_client_access regexp:/etc/postfix/fqrdns.regexp

        Try pcre and you'll love it:)
      • Stan Hoeppner
        Message 3 of 19 , Sep 2, 2010
          mouss put forth on 9/1/2010 6:10 PM:

          >> Over 1600 regex patterns matching generic dynamics and statics. Rejects
          >> all generic dynamics, tags generic statics. Provided with no
          >> warranties, use at your own risk, etc. Has worked well here.
          >>
          >> http://www.hardwarefreak.com/fqrdns.regexp
          >>
          >> Use in main.cf as:
          >>
          >> check_client_access regexp:/etc/postfix/fqrdns.regexp
          >
          > Try pcre and you'll love it:)

          I have some basic PCREs I created and use for some header checks and
          client restrictions, but they're super simple, and I'm still king nubie
          WRT regexes. Alas, even if I had the skill, I wouldn't feel like taking
          the time to convert those 1600+ POSIX regexes to PCRE syntax. ;) As I
          said, these were donated to me. :)

          --
          Stan
        • Noel Jones
          Message 4 of 19 , Sep 2, 2010
            On 9/2/2010 10:14 AM, Stan Hoeppner wrote:
            > mouss put forth on 9/1/2010 6:10 PM:
            >
            >>> Over 1600 regex patterns matching generic dynamics and statics. Rejects
            >>> all generic dynamics, tags generic statics. Provided with no
            >>> warranties, use at your own risk, etc. Has worked well here.
            >>>
            >>> http://www.hardwarefreak.com/fqrdns.regexp
            >>>
            >>> Use in main.cf as:
            >>>
            >>> check_client_access regexp:/etc/postfix/fqrdns.regexp
            >>
            >> Try pcre and you'll love it:)
            >
            > I have some basic PCREs I created and use for some header checks and
            > client restrictions, but they're super simple, and I'm still king nubie
            > WRT regexes. Alas, even if I had the skill, I wouldn't feel like taking
            > the time to convert those 1600+ POSIX regexes to PCRE syntax. ;) As I
            > said, these were donated to me. :)
            >

            Since pcre is a superset of regexp syntax, there's no need to
            "convert" to pcre. Specify the pcre: map type for an instant
            performance improvement.

            Using pcre also reveals a few malformed expressions:
            # postmap -q bubba pcre:fqrdns.regexp
            postmap: warning: pcre map fqrdns.regexp, line 228: error in
            regex at offset 22: unmatched parentheses
            postmap: warning: pcre map fqrdns.regexp, line 1162: error in
            regex at offset 45: unmatched parentheses
            postmap: warning: pcre map fqrdns.regexp, line 1536: error in
            regex at offset 32: unmatched parentheses

            The regexp library can't use these malformed lines, but
            doesn't complain. The patch to fix is pretty easy (beware
            line wraps):

            --- fqrdns.regexp Thu Sep 2 10:19:52 2010
            +++ fixed.regexp Tue Sep 2 10:34:18 2010
            @@ -228 +228 @@
            -/^dyn-[12]?[0-9]{1,2}\.){4}[a-z]{2,4}\.upcnet\.ro$/ REJECT
            Dynamic - Please relay via ISP (upcnet.ro)
            +/^dyn-([12]?[0-9]{1,2}\.){4}[a-z]{2,4}\.upcnet\.ro$/ REJECT
            Dynamic - Please relay via ISP (upcnet.ro)
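            Review bot: in this hunk the replacement entry is split after `REJECT`, leaving `Dynamic - Please relay via ISP (upcnet.ro)` on a line of its own, while the `@@ -228 +228 @@` header counts one line on each side. Rejoin the wrapped lines before feeding this to patch, and keep the action on the pattern's line (or on an indented continuation line) so Postfix does not read it as a separate entry. The added `(` before `[12]?` is what balances the `){4}` reported at offset 22.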
            @@ -1162 +1162 @@
            -/^ip-[12]?[0-9]{1,2}\.net(-[12]?[0-9]{1,2}){2})\.[12]?[0-9]{1,2}\.[a-z]{3,10}\.rev\.numericable\.fr$/
            REJECT Generic - Please relay via ISP (numericable.fr)
            +/^ip-[12]?[0-9]{1,2}\.net(-[12]?[0-9]{1,2}){2}\.[12]?[0-9]{1,2}\.[a-z]{3,10}\.rev\.numericable\.fr$/
            REJECT Generic - Please relay via ISP (numericable.fr)
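            Review bot: removing the `)` after `{2}` on line 1162 settles the imbalance by assuming no group was meant to open before `\.net`. Nothing quantifies that position, so either reading accepts the same names, but the pattern is still unverified against a real numericable.fr reverse name; run one through `postmap -q` with the pcre: map type before relying on it.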
            @@ -1536 +1536 @@
            -/^[12]?[0-9{1,2}(-[12]?[0-9]{1,2}){3}\.[a-z]{3}\.unitline\.ru$/
            REJECT Generic - Please relay via ISP (unitline.ru)
            +/^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.[a-z]{3}\.unitline\.ru$/
            REJECT Generic - Please relay via ISP (unitline.ru)
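            Review bot: the warning for line 1536 reports unmatched parentheses at offset 32, yet the defect fixed here is the missing `]` in `[0-9{1,2}`. The unterminated class runs on to the `]` of the following `[12]` and swallows the `(`, which leaves the later `)` unbalanced. Say so alongside the patch, since a reader chasing the message would look for a missing parenthesis, and re-run `postmap -q bubba pcre:fixed.regexp` to confirm all three warnings are gone.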


            (This does not constitute an endorsement of the file. Use at
            your own risk.)

            -- Noel Jones
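
An added example, not code from any poster in this thread: a Python sketch that parses a Postfix-style regexp table, reports entries that fail to compile (the check Noel ran with `postmap -q`), and does first-match lookups with pf's cc1/cc2 rules from message 1. Python's `re` stands in for PCRE, `/` delimiters without flags are assumed, and the table, with shortened actions, is constructed from lines quoted above.

```python
import re

# Constructed table: pf's three rules, then the three pre-patch lines from
# Noel's diff (actions shortened). Continuation lines start with whitespace.
SAMPLE = r"""# guess at some .cc residential connections
/(\.|-)static(\.|-)/ DUNNO
/^.*[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)(.?dsl|dyn(amic|-ip|ip)?|ppp(oe|ool)?|pools?|cable|dhcp|res)\..*\.[a-z][a-z]$/
    550 cc1 residential IP addresses prohibited
/^.*[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+(\.|-)[0-9]+.*(\.(.?dsl|dyn(amic|-ip|ip)?|ppp(oe|ool)?|pools?|cable|dhcp|res)\.).*\.[a-z][a-z]$/
    550 cc2 residential IP addresses prohibited
/^dyn-[12]?[0-9]{1,2}\.){4}[a-z]{2,4}\.upcnet\.ro$/ REJECT Dynamic
/^ip-[12]?[0-9]{1,2}\.net(-[12]?[0-9]{1,2}){2})\.[12]?[0-9]{1,2}\.[a-z]{3,10}\.rev\.numericable\.fr$/ REJECT Generic
/^[12]?[0-9{1,2}(-[12]?[0-9]{1,2}){3}\.[a-z]{3}\.unitline\.ru$/ REJECT Generic
"""

ENTRY = re.compile(r"/((?:\\.|[^/\\])*)/\s+(.*)")  # assumes '/' delimiter, no flags


def parse_table(text):
    """Return (entries, errors): entries are (lineno, regex, action),
    errors are (lineno, offset, message) for lines that cannot be used."""
    logical = []  # [first line number, joined text] per logical line
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            logical[-1][1] += " " + raw.strip()  # continuation of previous entry
        else:
            logical.append([n, raw.strip()])
    entries, errors = [], []
    for n, line in logical:
        m = ENTRY.match(line)
        if not m:
            errors.append((n, 0, "not a /pattern/ action line"))
            continue
        try:
            # Postfix matches case-insensitively by default.
            entries.append((n, re.compile(m.group(1), re.I), m.group(2)))
        except re.error as exc:
            errors.append((n, exc.pos, exc.msg))
    return entries, errors


def lookup(entries, key):
    """Return the action of the first pattern that matches, else None."""
    for _, regex, action in entries:
        if regex.search(key):
            return action
    return None


if __name__ == "__main__":
    entries, errors = parse_table(SAMPLE)
    for n, pos, msg in errors:
        print(f"line {n}: error in regex at offset {pos}: {msg}")
    for host in ("200-161-108-143.dsl.telesp.net.br",
                 "200.161.108.143.spacer.labels.cable.any.cc",
                 "123.dynamic.data.pools.any.cc"):
        print(host, "->", lookup(entries, host))
```

The line numbers refer to the constructed table, while the offsets are positions within each pattern and can be compared with the ones in the postmap warnings above.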
          • Steffan A. Cline
            Message 5 of 19 , Sep 2, 2010
              I can't imagine needing to change them. They are AWESOME!

              They work great just as they are. Kills off 80% of the spam at the least.

              Thank you, Stan the ma




              Thanks

              Steffan

              ---------------------------------------------------------------
              T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4
              Steffan A. Cline
              Steffan@... Phoenix, Az
              http://www.ExecuChoice.net USA
              AIM : SteffanC ICQ : 57234309
              YAHOO : Steffan_Cline MSN : steffan@...
              GOOGLE: Steffan.Cline Lasso Partner Alliance Member
              ---------------------------------------------------------------





              On 9/2/10 8:14 AM, "Stan Hoeppner" <stan@...> wrote:

              >mouss put forth on 9/1/2010 6:10 PM:
              >
              >>> Over 1600 regex patterns matching generic dynamics and statics.
              >>>Rejects
              >>> all generic dynamics, tags generic statics. Provided with no
              >>> warranties, use at your own risk, etc. Has worked well here.
              >>>
              >>> http://www.hardwarefreak.com/fqrdns.regexp
              >>>
              >>> Use in main.cf as:
              >>>
              >>> check_client_access regexp:/etc/postfix/fqrdns.regexp
              >>
              >> Try pcre and you'll love it:)
              >
              >I have some basic PCREs I created and use for some header checks and
              >client restrictions, but they're super simple, and I'm still king nubie
              >WRT regexes. Alas, even if I had the skill, I wouldn't feel like taking
              >the time to convert those 1600+ POSIX regexes to PCRE syntax. ;) As I
              >said, these were donated to me. :)
              >
              >--
              >Stan
              >
              >
            • Stan Hoeppner
              Message 6 of 19 , Sep 2, 2010
                Noel Jones put forth on 9/2/2010 10:41 AM:
                > On 9/2/2010 10:14 AM, Stan Hoeppner wrote:
                >> mouss put forth on 9/1/2010 6:10 PM:
                >>
                >>>> Over 1600 regex patterns matching generic dynamics and statics.
                >>>> Rejects
                >>>> all generic dynamics, tags generic statics. Provided with no
                >>>> warranties, use at your own risk, etc. Has worked well here.
                >>>>
                >>>> http://www.hardwarefreak.com/fqrdns.regexp
                >>>>
                >>>> Use in main.cf as:
                >>>>
                >>>> check_client_access regexp:/etc/postfix/fqrdns.regexp
                >>>
                >>> Try pcre and you'll love it:)
                >>
                >> I have some basic PCREs I created and use for some header checks and
                >> client restrictions, but they're super simple, and I'm still king nubie
                >> WRT regexes. Alas, even if I had the skill, I wouldn't feel like taking
                >> the time to convert those 1600+ POSIX regexes to PCRE syntax. ;) As I
                >> said, these were donated to me. :)
                >>
                >
                > Since pcre is a superset of regexp syntax, there's no need to "convert"

                That's what I thought, but when I plugged it into main.cf as a pcre type
                I got log errors, so I switched it to regexp and the errors went away.
                Thus I thought it was a compatibility issue.

                > to pcre. Specify the pcre: map type for an instant performance
                > improvement.

                Done. Not sure I'll notice as this is a really lightly loaded MX. But
                if PCRE processing is faster, I'm down with that. ;)

                > Using pcre also reveals a few malformed expressions:
                > # postmap -q bubba pcre:fqrdns.regexp
                > postmap: warning: pcre map fqrdns.regexp, line 228: error in regex at
                > offset 22: unmatched parentheses
                > postmap: warning: pcre map fqrdns.regexp, line 1162: error in regex at
                > offset 45: unmatched parentheses
                > postmap: warning: pcre map fqrdns.regexp, line 1536: error in regex at
                > offset 32: unmatched parentheses
                >
                > The regexp library can't use these malformed lines, but doesn't
                > complain. The patch to fix is pretty easy (beware line wraps):

                Ahh, that explains the errors. Due to my regex nubness, I didn't
                realize these were due to author errors.

                > --- fqrdns.regexp Thu Sep 2 10:19:52 2010
                > +++ fixed.regexp Tue Sep 2 10:34:18 2010
                > @@ -228 +228 @@
                > -/^dyn-[12]?[0-9]{1,2}\.){4}[a-z]{2,4}\.upcnet\.ro$/ REJECT Dynamic
                > - Please relay via ISP (upcnet.ro)
                > +/^dyn-([12]?[0-9]{1,2}\.){4}[a-z]{2,4}\.upcnet\.ro$/ REJECT Dynamic
                > - Please relay via ISP (upcnet.ro)
                > @@ -1162 +1162 @@
                > -/^ip-[12]?[0-9]{1,2}\.net(-[12]?[0-9]{1,2}){2})\.[12]?[0-9]{1,2}\.[a-z]{3,10}\.rev\.numericable\.fr$/
                > REJECT Generic - Please relay via ISP (numericable.fr)
                > +/^ip-[12]?[0-9]{1,2}\.net(-[12]?[0-9]{1,2}){2}\.[12]?[0-9]{1,2}\.[a-z]{3,10}\.rev\.numericable\.fr$/
                > REJECT Generic - Please relay via ISP (numericable.fr)
                > @@ -1536 +1536 @@
                > -/^[12]?[0-9{1,2}(-[12]?[0-9]{1,2}){3}\.[a-z]{3}\.unitline\.ru$/
                > REJECT Generic - Please relay via ISP (unitline.ru)
                > +/^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}\.[a-z]{3}\.unitline\.ru$/
                > REJECT Generic - Please relay via ISP (unitline.ru)

                Fixed. Thanks Noel. :)

                --
                Stan
              • Steffan A. Cline
                Message 7 of 19 , Sep 2, 2010
                  How weird. That was supposed to say Stan the man!


                  Thanks

                  Steffan

                  ---------------------------------------------------------------
                  T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4
                  Steffan A. Cline
                  Steffan@... Phoenix, Az
                  http://www.ExecuChoice.net USA
                  AIM : SteffanC ICQ : 57234309
                  YAHOO : Steffan_Cline MSN : steffan@...
                  GOOGLE: Steffan.Cline Lasso Partner Alliance Member
                  ---------------------------------------------------------------





                  On 9/2/10 8:59 AM, "Steffan A. Cline" <steffan@...> wrote:

                  >I can't imagine needing to change them. They are AWESOME!
                  >
                  >They work great just as they are. Kills off 80% of the spam at the least.
                  >
                  >Thank you, Stan the ma
                  >
                  >
                  >
                  >
                  >Thanks
                  >
                  >Steffan
                  >
                  >---------------------------------------------------------------
                  >T E L 6 0 2 . 7 9 3 . 0 0 1 4 | F A X 6 0 2 . 9 7 1 . 1 6 9 4
                  >Steffan A. Cline
                  >Steffan@... Phoenix, Az
                  >http://www.ExecuChoice.net USA
                  >AIM : SteffanC ICQ : 57234309
                  >YAHOO : Steffan_Cline MSN : steffan@...
                  >GOOGLE: Steffan.Cline Lasso Partner Alliance Member
                  >---------------------------------------------------------------
                  >
                  >
                  >
                  >
                  >
                  >On 9/2/10 8:14 AM, "Stan Hoeppner" <stan@...> wrote:
                  >
                  >>mouss put forth on 9/1/2010 6:10 PM:
                  >>
                  >>>> Over 1600 regex patterns matching generic dynamics and statics.
                  >>>>Rejects
                  >>>> all generic dynamics, tags generic statics. Provided with no
                  >>>> warranties, use at your own risk, etc. Has worked well here.
                  >>>>
                  >>>> http://www.hardwarefreak.com/fqrdns.regexp
                  >>>>
                  >>>> Use in main.cf as:
                  >>>>
                  >>>> check_client_access regexp:/etc/postfix/fqrdns.regexp
                  >>>
                  >>> Try pcre and you'll love it:)
                  >>
                  >>I have some basic PCREs I created and use for some header checks and
                  >>client restrictions, but they're super simple, and I'm still king nubie
                  >>WRT regexes. Alas, even if I had the skill, I wouldn't feel like taking
                  >>the time to convert those 1600+ POSIX regexes to PCRE syntax. ;) As I
                  >>said, these were donated to me. :)
                  >>
                  >>--
                  >>Stan
                  >>
                  >>
                  >
                  >
                • Stan Hoeppner
                  Message 8 of 19 , Sep 2, 2010
                    Steffan A. Cline put forth on 9/2/2010 10:59 AM:
                    > I can't imagine needing to change them. They are AWESOME!
                    >
                    > They work great just as they are. Kills off 80% of the spam at the least.
                    >
                    > Thank you, Stan the ma

                    Given your MX and general system load Steffan, if you edit those three
                    lines and fix the syntax errors Noel mentioned, then change the map type
                    to pcre: instead of regexp: your system will probably notice some
                    decreased load. Given all the stuff you're running I'd do it. IIRC the
                    errors are a single character added or deleted from each of those 3
                    lines. The edit was simple. Don't forget "postfix reload" after the
                    edits of the file and of main.cf.

                    --
                    Stan