October 24, 2019 8:35 PM, "Joerg Jung" <m...@umaxx.net> wrote:

> Hi,
> I used some regex filters in the past which I'm trying to convert to the
> latest builtin filters. In particular, I stumbled over a HELO filter,
> which rejects non-FQDN HELO forcing SMTP protocol, aka: 
> Sendmail FEATURE(block_bad_helo) or Postfix reject_non_fqdn_helo_hostname
> I had significant success rate with this kind of blocking, since a good
> portions of spammers seem to be too lazy to configure HELO correctly.
> Here is what I came up with:
> # reject HELO/EHLO with leading or trailing dot, and without dots (non-FQDN)
> filter helo phase helo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } 
> disconnect "554 5.7.1
> HELO rejected" 
> filter ehlo phase ehlo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } 
> disconnect "554 5.7.1
> EHLO rejected
> Now, I just need a way to skip/allow IPv6 address literals, e.g. there
> are no dots in EHLO [::1], but still a valid/allowed value.
> With old filter-regex I just did a negotiation: ! regex "^\[" to
> not apply filter to v6 literals
> Any ideas/hints how to add/implement this with the new builtin regex
> filter syntax?

Sadly there would have been a very easy way if I had that use-case in mind 
which would be to make the "proceed" action explicit, you could have had a 
match the inet6 address and proceed to shortcut the matching of non fqdn.

As of today, there will be no option but to craft your regex to contain both 
the pattern
you want to match AND exclude [ as far as I see it.

Reply via email to