On 14 Sept. 2009 05:07, Todd Lyons <[email protected]> wrote:
> On Sun, Sep 13, 2009 at 2:16 PM, alexandre <[email protected]> wrote:
> > This is part of a regex that I wrote for a python script.
> > You'll certainly need to adapt it for perl and complete it for your own
> > mailservers/network but may be a good start.
> > As is, IP is the 3rd subgroup of the regex.
> >
> > 'Received:\ from\ ([\[\w\-_]+\.)*\w+\]?\s*\(([\w\-\_]+\.)*\w*\s*
> > \[((\d{1,3}\.){3}\d{1,3})\]\)\s+by\s+'
>
> As long as the IP address reverse resolves, it will be the third
> group. If the host does not reverse resolve, then there will only be
> two groups. In my log parsing script, I use this:


Yes that's true, but do you accept mail from hosts that don't have
reverse lookup? If so, you should not.
Even your own clients (relay networks) should have PTR records in some
form, like "stuff.like.reversed.ip.dyn.dial.in-addr.arpa"


> my $host_in3_regex='(\S+) \([\w.]+\)( \[[\d.]+\])';
> my $host_in2_regex='\(\S+\) (\[[\d.]+\])';
> my $host_out2_regex='(\S+ \[[\d.]+\])\*?';
> my $host_in2b_regex=$host_out2_regex;
>
> In the first, I capture the hostname, reverse hostname, and IP
> separately. In the second I capture the hostname and IP separately.
> In the last one, I capture the hostname and IP together (has to do
> with how I stuff it in the database).
> --
> Regards... Todd

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
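
The group-numbering issue raised in this thread (the IP's position changes when the host has no reverse name) can be sidestepped with named groups and an optional reverse-name part. This is an added example, not code from either poster; the header shape used for the no-reverse case and all sample headers are constructed assumptions.

```python
import ipaddress
import re

# HELO name, or a bracketed address literal such as [198.51.100.7]
_HELO = r"\[?[\w.\-]+\]?"

RECEIVED_RE = re.compile(
    r"Received:\s+from\s+(?P<helo>" + _HELO + r")\s*"
    r"\((?:(?P<rdns>[\w.\-]+)\s+)?"            # reverse name may be absent
    r"\[(?P<ip>(?:\d{1,3}\.){3}\d{1,3})\]\)"   # IP is always the 'ip' group
    r"\s+by\s+"
)


def parse_received(header):
    """Return {'helo', 'rdns', 'ip'} for one Received: header, else None.

    'rdns' is None when the connecting host had no reverse name, so the
    caller can apply a "no PTR, no mail" policy without counting groups.
    """
    m = RECEIVED_RE.search(header)
    if m is None:
        return None
    try:
        # \d{1,3} also accepts 999; let ipaddress reject impossible octets.
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ValueError:
        return None
    rdns = m.group("rdns")
    if rdns == "unknown":   # placeholder some MTAs (e.g. Postfix) write
        rdns = None
    return {"helo": m.group("helo"), "rdns": rdns, "ip": str(ip)}


# Constructed sample headers (documentation address ranges only).
SAMPLES = [
    "Received: from mail.example.com (mail.example.com [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP",
    "Received: from [198.51.100.7] ([198.51.100.7])\n\tby mx.example.org",
    "Received: from client.example (unknown [203.0.113.5]) by mx.example.org",
    "Received: from x.example (x.example [999.1.1.1]) by mx.example.org",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(parse_received(h))
```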