Re: Barracuda Blacklist

[Matus UHLAR - fantomas]

On 28.05.09 14:12, Neil Schwartzman wrote:
 * see the attachment for gross numbers, sorry, I can't show you specifics.

[-- Attachment #2: DNSBL Summary.pdf --]
[-- Type: video/x-flv, Encoding: base64, Size: 182K --]

... nice joke I'd say. Is there any reason not to put the att. somewhere to
the web/ftp(/gopher)?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Two words: Windows survives. - Craig Mundie, Microsoft senior strategist
So does syphillis. Good thing we have penicillin. - Matthew Alton

Problem with check_invalid_ip()

[Eric Rodriguez]

Hi,

I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm.
See
http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385

After a couple test, it seems that 193.X.X.X and 194.X.X.X ip's are not
valid with respect to the regexp.
Is this a bug? or am I wrong about the test?

I used http://www.fileformat.info/tool/regex.htm with
RegExp:
(?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
Tests:
127.0.0.1
192.168.1.1
87.248.121.75
193.1.1.1
194.1.1.1


Could someone explain me which ip are valid according to this test ?
Thanks

Eric Rodriguez

Re: Problem with check_invalid_ip()

[Eric Rodriguez]

Hi,

I removed the negation ~ , the begin ^ and end $  charaters from the
original source:

sub check_for_illegal_ip {
  my ($self, $pms) = @_;

  foreach my $rcvd ( @{$pms-{relays_untrusted}} ) {
# (note this might miss some hits if the Received.pm skips any invalid IPs)
foreach my $check ( $rcvd-{ip}, $rcvd-{by} ) {
  return 1 if ($check =~ /^

(?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
$/x);
}
  }
  return 0;
}


Here are my results:
Test Target String matches() replaceFirst() replaceAll() lookingAt() find()
group(0)  1 127.0.0.1 No 12 12 No Yes 7.0.0.1  2 192.168.1.1 No 19 19 No Yes
2.168.1.1  3 87.248.121.75 No 8 8 No Yes 7.248.121.75  4 193.1.1.1 No
193.1.1.1 193.1.1.1 No No  5 194.1.1.1 No 194.1.1.1 194.1.1.1 No No

If I understand correctly the first 3 tests are valid IP, but not the
193.1.1.1 and 194.1.1.1 ??

Eric Rodriguez


On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net wrote:

 Eric Rodriguez wrote:
  Hi,
 
  I'm having trouble with the check invalid_ip subroutine in the
  RelayEval.pm.
  See
 
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
  
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
 
 
  After a couple test, it seems that 193.X.X.X and 194.X.X.X ip's are
  not valid with respect to the regexp.
  Is this a bug? or am I wrong about the test?
 
  I used http://www.fileformat.info/tool/regex.htm with
  RegExp:
 
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
  Tests:
  127.0.0.1
  192.168.1.1
  87.248.121.75
  193.1.1.1
  194.1.1.1
 
 
  Could someone explain me which ip are valid according to this test ?
  Thanks
 
  Eric Rodriguez
 Using the above tool I get results telling me that 193.1.1.1 and
 194.1.1.1 do NOT match, and therefore are valid IPs.

 TestTarget String   matches()   replaceFirst()  replaceAll()
 lookingAt() find()  group(0)
 1   193.1.1.1   *No*193.1.1.1   193.1.1.1   No  No
 2   194.1.1.1   *No*194.1.1.1   194.1.1.1   No  No



 In fact, NONE of your test strings match the regex. But 127.1.1.1,
 correctly, does.

Re: Problem with check_invalid_ip()

[Matt Kettler]

Eric Rodriguez wrote:
 Hi,

 I'm having trouble with the check invalid_ip subroutine in the
 RelayEval.pm.
 See
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385

 After a couple test, it seems that 193.X.X.X and 194.X.X.X ip's are
 not valid with respect to the regexp.
 Is this a bug? or am I wrong about the test?

 I used http://www.fileformat.info/tool/regex.htm with
 RegExp:   
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
 Tests:
 127.0.0.1
 192.168.1.1
 87.248.121.75
 193.1.1.1
 194.1.1.1


 Could someone explain me which ip are valid according to this test ?
 Thanks

 Eric Rodriguez
Using the above tool I get results telling me that 193.1.1.1 and
194.1.1.1 do NOT match, and therefore are valid IPs.

TestTarget String   matches()   replaceFirst()  replaceAll()
lookingAt() find()  group(0)
1   193.1.1.1   *No*193.1.1.1   193.1.1.1   No  No
2   194.1.1.1   *No*194.1.1.1   194.1.1.1   No  No



In fact, NONE of your test strings match the regex. But 127.1.1.1,
correctly, does.

[no subject]

[Doni Mediono Indrawan]

Hi,

How are you doing recently? I would like to introduce you a very good
company which I know. Their website is
esurfingonline.com

They can offer you all kinds of electronic products Please
take some time to have a check, They must have something you'd like to
buy.

Filtering through mailing lists

[Garik]

I have a situation where by mail passes through a mailing list and then goes
on to the destination mailbox that's subscribed in the mailing list. Here's
my problem:
SpamAssasin checks the emails going through the mailing list for SPAM and
adds the subject [**SPAM**] to the email, and then when it's going to the
mailbox it checks the email again and adds the [**SPAM**] header a second
time. So my emails end up looking like: [**SPAM**] [**SPAM**]
My_email_subject

Is there anything that can be done so there's only one instance of
[**SPAM**] in the subject? Have postfix strip out the spam headers from the
subject, or is there another solution? Someone would have run across this
problem before me.

I'm running SpamAssasin 3.1.7, MailMan using Postfix.

Any help would be welcome,

Garik

Re:

[Neil Schwartzman]

Oh, the irony.


On 29/05/09 9:26 AM, Doni Mediono Indrawan medi...@gmail.com wrote:

 Hi,
 
 How are you doing recently? I would like to introduce you a very good
 company which I know. Their website is
 esurfingonline.com
 
 They can offer you all kinds of electronic products Please
 take some time to have a check, They must have something you'd like to
 buy.

-- 
Neil Schwartzman
Director, Accreditation Security  Standards
Certified | Safelist
Return Path Inc.
0142002038

Re: Barracuda Blacklist

[Andy Dorman]

Neil Schwartzman wrote:


Given the huge amount of bumph I've seen and heard about emailreg.org, I
figured it would be an interesting experiment to see if what everybody
feared was happening was true. It isn't. No big extortion plan on the part
of emailreg and Barracuda that I can see.


Neil, I certainly respect what you are saying based on the information you have.

However, I have a fact to toss out about emailreg.org.

I run a small email filtering company with a small cluster of servers for load 
balancing and reliability.  In early April I found I was unable to send email to 
a new customer.  They were currently using the Barracuda Networks Reputation 
system and it was blocking my emails.  I found this somewhat silly considering 
we receive over 500 million emails a month but rarely ever SEND email (we only 
filter incoming email so far).  ie, our outgoing email is mostly just business 
correspondence and filter stats reports to our customers.


And then I got to emailreg.org and found that:

1. I could not find out WHY our IPs (we have a block of 32 for the cluster of 
servers that my email was being sent from) were being listed


2. I would have to pay a competitor to get off this list and be able to send any 
correspondence to anyone using the Barracuda Networks Reputation system.


3. Given how our email system is set up (multiple servers on multiple IPs 
supporting many, many domains) I could not even begin to figure out how to fill 
out their on-line forms nor how much money it would eventually cost us.  In 
fact, if we add outgoing filtering to our service, our expense to be allowed 
to send our customer's valid emails would probably run into the hundreds of 
thousands of dollars.


So, in order to do legitimate business filtering spam, not sending it, we must 
pay a competitor to let our email reach a new customer?  I would not mind so 
much if someone would tell us WHY they are blocking our IPs so we could fix 
whatever it is.  But even that has been denied to us.


I finally gave up and phoned our new customer to explain why they could not get 
our emails and we handled setting up their service with us via subsequent phone 
calls.  And I desperately hope emailreg.org either unblocks our IPs or goes out 
of business by the time we start offering outgoing filtering.  If not then our 
only recourse may be the courts.  And NOBODY wins when it gets to that point.


Just wanted you to have ALL the facts when considering emailreg.org.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net

Re: Barracuda Blacklist

[Neil Schwartzman]

On 29/05/09 9:32 AM, Andy Dorman ador...@ironicdesign.com wrote:

 Neil Schwartzman wrote:
 
 Given the huge amount of bumph I've seen and heard about emailreg.org, I
 figured it would be an interesting experiment to see if what everybody
 feared was happening was true. It isn't. No big extortion plan on the part
 of emailreg and Barracuda that I can see.
 
 Neil, I certainly respect what you are saying based on the information you
 have.
 
 However, I have a fact to toss out about emailreg.org.
 
 I run a small email filtering company with a small cluster of servers for load
 balancing and reliability.  In early April I found I was unable to send email
 to 
 a new customer.  They were currently using the Barracuda Networks Reputation
 system and it was blocking my emails.  I found this somewhat silly considering
 we receive over 500 million emails a month but rarely ever SEND email (we only
 filter incoming email so far).  ie, our outgoing email is mostly just business
 correspondence and filter stats reports to our customers.
 
 And then I got to emailreg.org and found that:
 
[...]
 Just wanted you to have ALL the facts when considering emailreg.org.

Hold up now. Why did you goto emailreg.org?? That is the whitelisting
service. I'd go ahead and request a delist at

http://www.barracudacentral.org/rbl/removal-request

Worked well for me.
-- 
Neil Schwartzman
Director, Accreditation Security  Standards
Certified | Safelist
Return Path Inc.
0142002038

Re: Barracuda Blacklist

[Andy Dorman]

Neil Schwartzman wrote:


Hold up now. Why did you goto emailreg.org?? That is the whitelisting
service. I'd go ahead and request a delist at

http://www.barracudacentral.org/rbl/removal-request

Worked well for me.


Good question.

I went to emailreg.org because the bounce I got back directed me to this page 
http://www.barracudacentral.org/reputation?r=1 which included this quarter-page ad:

---
One way to get your email through spam filters even if you are listed on the 
BRBL is to register your domain and IPs at EmailReg.org. Email administrators 
can configure their systems to use EmailReg.org to apply policy to inbound 
email. Emails from domain names and IP addresses that are properly registered on 
EmailReg.org can be automatically exempted from spam filtering defense layers on 
Barracuda Spam Firewalls, preventing your email from being accidentally blocked.

---

But you have an excellent point.  And I am NOT trying to be sarcastic when I say 
I was trying for a more or less permanent solution and I actually completely 
missed the point that I could have continued with the more traditional process 
and request to be de-listed.


So I was NOT compelled to send them money and I did have another option that I 
ignored.  That was dumb of me.


And in the spirit of full disclosure...the other good news is the IP in our 
block that was being blocked back in early April is no longer blocked.  Not sure 
why (as I am also not sure why we were blocked in the first place).  But happy 
about it none the less.


However, I do still feel it is a little self-serving to block someone and then 
offer to unblock them for money.


Thank you Neil for pointing out what I missed.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net

Re: Barracuda Blacklist

[John Hardin]

On Fri, 29 May 2009, Andy Dorman wrote:

I went to emailreg.org because the bounce I got back directed me to this page 
http://www.barracudacentral.org/reputation?r=1 which included this 
quarter-page ad:

---
One way to get your email through spam filters even if you are listed on the 
BRBL is to register your domain and IPs at EmailReg.org.

{etc.}

It might be less confusing if that ad was presented *after* you've 
completed the traditional unlisting request...


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government wants to do everything it can for the children,
  except sparing them crushing tax burdens.
---
 8 days until the 65th anniversary of D-Day

Re: Barracuda Blacklist

[Rob McEwen]

John Hardin wrote:
 It might be less confusing if that ad was presented *after* you've
 completed the traditional unlisting request...

Good point. And I also wonder, how many emailreg payments were made by
disparately frantic e-mail admins who normally don't ever send spam, but
had a security problem that warranted their initial blacklisting, but
where the security problem was already fixed. And I wonder how often
those types would have been delisted anyways, but the sysadmin was
disparate, rushed, and willing to do anything, including paying $20,
under those circumstances?

Additionally, I'd like to ask, other than being a superb cash-generating
machine, what good is a whitelist built upon pay-to-enter and NOT based
on editorial decisions made by non-biased e-mail administrators?

At some point, pay-for-whitelisting will likely lead to FNs as well as
free passes for dark-gray or blackhat ESPs. It may also lead to FNs
the next time that same email admin I described has another security
hole spewing out millions of spams months/years later. (do they then get
a free pass due to the payment to emailreg?)

sarcasmReally, I find this whole conversation quite bizarre. It
reminds me of a joke I once made to my wife about how I felt led by the
Lord to minister and share the Gospel to strippers at strip clubs.
There'd be no lust or adultery involved on my part. Na. Just genuine
concern about saving those lost souls.

Likewise I'm sure emailreg.org is just a whitelisting service trying to
give back to the community and help those poor innocent system admins
from getting unfairly blacklisted in the future, right?/sarcasm

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032

Re: Problem with check_invalid_ip()

[Theo Van Dinter]

None of the IPs you listed will match.
Have you tried simply running a loop in Perl to see what the results are?

Also, negation ~ ?  What do you mean?  =~ is not a negation (that
would be !~).
Also also, the ^ and $ chars are important.  If you remove them,
you change the RE.


On Fri, May 29, 2009 at 7:59 AM, Eric Rodriguez thewa...@gmail.com wrote:
 Hi,

 I removed the negation ~ , the begin ^ and end $  charaters from the
 original source:

 sub check_for_illegal_ip {
   my ($self, $pms) = @_;

   foreach my $rcvd ( @{$pms-{relays_untrusted}} ) {

 # (note this might miss some hits if the Received.pm skips any invalid
 IPs)
 foreach my $check ( $rcvd-{ip}, $rcvd-{by} ) {
   return 1 if ($check =~ /^

   
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+

   $/x);
 }
   }
   return 0;
 }

 Here are my results:
 Test Target String matches() replaceFirst() replaceAll() lookingAt() find()
 group(0)
 1 127.0.0.1 No 12 12 No Yes 7.0.0.1
 2 192.168.1.1 No 19 19 No Yes 2.168.1.1
 3 87.248.121.75 No 8 8 No Yes 7.248.121.75
 4
 193.1.1.1 No 193.1.1.1 193.1.1.1 No No
 5
 194.1.1.1 No 194.1.1.1 194.1.1.1 No No

 If I understand correctly the first 3 tests are valid IP, but not the
 193.1.1.1 and 194.1.1.1 ??

 Eric Rodriguez


 On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net wrote:

 Eric Rodriguez wrote:
  Hi,
 
  I'm having trouble with the check invalid_ip subroutine in the
  RelayEval.pm.
  See
 
  http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
 
  http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
 
  After a couple test, it seems that 193.X.X.X and 194.X.X.X ip's are
  not valid with respect to the regexp.
  Is this a bug? or am I wrong about the test?
 
  I used http://www.fileformat.info/tool/regex.htm with
  RegExp:
 
  (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
  Tests:
  127.0.0.1
  192.168.1.1
  87.248.121.75
  193.1.1.1
  194.1.1.1
 
 
  Could someone explain me which ip are valid according to this test ?
  Thanks
 
  Eric Rodriguez
 Using the above tool I get results telling me that 193.1.1.1 and
 194.1.1.1 do NOT match, and therefore are valid IPs.

 Test    Target String   matches()       replaceFirst()  replaceAll()
 lookingAt()     find()  group(0)
 1       193.1.1.1       *No*    193.1.1.1       193.1.1.1       No      No
 2       194.1.1.1       *No*    194.1.1.1       194.1.1.1       No      No



 In fact, NONE of your test strings match the regex. But 127.1.1.1,
 correctly, does.

Re: Filtering through mailing lists

[Theo Van Dinter]

Sure, change your mail system so it doesn't call SA more than once on
the same message. :)

On Fri, May 29, 2009 at 9:26 AM, Garik garik@gmail.com wrote:
 Is there anything that can be done so there's only one instance of
 [**SPAM**] in the subject? Have postfix strip out the spam headers from the
 subject, or is there another solution? Someone would have run across this
 problem before me.

Re: Problem with check_invalid_ip()

[Eric Rodriguez]

Hi,

You're right. removing begin and end chars was a bad idea.
I just tried in a perl routine, and all is fine...
So I'll have to find why an 194.X.X.X ip got stuck as a ILLEGAL_IP ...

Thanks for your help
Eric Rodriguez

On Fri, May 29, 2009 at 18:35, Theo Van Dinter felic...@apache.org wrote:

 None of the IPs you listed will match.
 Have you tried simply running a loop in Perl to see what the results are?

 Also, negation ~ ?  What do you mean?  =~ is not a negation (that
 would be !~).
 Also also, the ^ and $ chars are important.  If you remove them,
 you change the RE.


 On Fri, May 29, 2009 at 7:59 AM, Eric Rodriguez thewa...@gmail.com
 wrote:
  Hi,
 
  I removed the negation ~ , the begin ^ and end $  charaters from the
  original source:
 
  sub check_for_illegal_ip {
my ($self, $pms) = @_;
 
foreach my $rcvd ( @{$pms-{relays_untrusted}} ) {
 
  # (note this might miss some hits if the Received.pm skips any
 invalid
  IPs)
  foreach my $check ( $rcvd-{ip}, $rcvd-{by} ) {
return 1 if ($check =~ /^
 
 
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
 
$/x);
  }
}
return 0;
  }
 
  Here are my results:
  Test Target String matches() replaceFirst() replaceAll() lookingAt()
 find()
  group(0)
  1 127.0.0.1 No 12 12 No Yes 7.0.0.1
  2 192.168.1.1 No 19 19 No Yes 2.168.1.1
  3 87.248.121.75 No 8 8 No Yes 7.248.121.75
  4
  193.1.1.1 No 193.1.1.1 193.1.1.1 No No
  5
  194.1.1.1 No 194.1.1.1 194.1.1.1 No No
 
  If I understand correctly the first 3 tests are valid IP, but not the
  193.1.1.1 and 194.1.1.1 ??
 
  Eric Rodriguez
 
 
  On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net
 wrote:
 
  Eric Rodriguez wrote:
   Hi,
  
   I'm having trouble with the check invalid_ip subroutine in the
   RelayEval.pm.
   See
  
  
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
  
   
 http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
 
  
   After a couple test, it seems that 193.X.X.X and 194.X.X.X ip's are
   not valid with respect to the regexp.
   Is this a bug? or am I wrong about the test?
  
   I used http://www.fileformat.info/tool/regex.htm with
   RegExp:
  
  
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
   Tests:
   127.0.0.1
   192.168.1.1
   87.248.121.75
   193.1.1.1
   194.1.1.1
  
  
   Could someone explain me which ip are valid according to this test ?
   Thanks
  
   Eric Rodriguez
  Using the above tool I get results telling me that 193.1.1.1 and
  194.1.1.1 do NOT match, and therefore are valid IPs.
 
  TestTarget String   matches()   replaceFirst()  replaceAll()
  lookingAt() find()  group(0)
  1   193.1.1.1   *No*193.1.1.1   193.1.1.1   No
  No
  2   194.1.1.1   *No*194.1.1.1   194.1.1.1   No
  No
 
 
 
  In fact, NONE of your test strings match the regex. But 127.1.1.1,
  correctly, does.
 
 
 
 

whitelists (was Re: Barracuda Blacklist)

[J.D. Falk]

Rob McEwen wrote:


Additionally, I'd like to ask, other than being a superb cash-generating
machine, what good is a whitelist built upon pay-to-enter and NOT based
on editorial decisions made by non-biased e-mail administrators?


Those two aren't necessarily exclusive.  The standards for inclusion in a 
whitelist can (and in many cases do) include the same performance metrics 
that help e-mail administrators stay non-biased, such as user complaint 
rate, spamtrap hits, and so forth.


(I don't know whether Barracuda's whitelist includes those metrics.)

The additional value to admins is that they don't have to keep watch over 
the whitelisted IPs -- the whitelist operator handles that.  The fees cover 
that monitoring, and consulting on improving practices where necessary.


And, of course, if the whitelist operator is lying or slow or otherwise not 
living up to expectations, the admin simply stops using that whitelist. 
Lists that nobody uses don't get much business, so there's a direct 
incentive for the whitelist operator to keep their list squeaky-clean.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/

Re: Problem with check_invalid_ip()

[Matt Kettler]

Eric Rodriguez wrote:
 Hi,

 I removed the negation ~ , the begin ^ and end $  charaters from the
 original source:
 sub check_for_illegal_ip {
   my ($self, $pms) = @_;

   foreach my $rcvd ( @{$pms-{relays_untrusted}} ) {

 # (note this might miss some hits if the Received.pm skips any invalid 
 IPs)
 foreach my $check ( $rcvd-{ip}, $rcvd-{by} ) {
   return 1 if ($check =~ /^
   
 (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+

   $/x);
 }
   }
   return 0;
 }
   

 Here are my results:
 Test  Target String   matches()   replaceFirst()  replaceAll()
 lookingAt()   find()  group(0)
 1 127.0.0.1   No  12  12  No  Yes 7.0.0.1
 2 192.168.1.1 No  19  19  No  Yes 2.168.1.1
 3 87.248.121.75   No  8   8   No  Yes 7.248.121.75
 4 193.1.1.1   No  193.1.1.1   193.1.1.1   No  No
 5 194.1.1.1   No  194.1.1.1   194.1.1.1   No  No



 If I understand correctly the first 3 tests are valid IP, but not the
 193.1.1.1 and 194.1.1.1 ??

 Eric Rodriguez

No, none of the 5 has yes in the matches column so they're all valid
(ie: none of them matches the regex).

The other columns are irrelevant to the application here. Please ignore
them unless you fully understand them.

Re: Filtering through mailing lists

[mouss]

Garik a écrit :
 I have a situation where by mail passes through a mailing list and then
 goes on to the destination mailbox that's subscribed in the mailing
 list. Here's my problem:
 
 SpamAssasin checks the emails going through the mailing list for SPAM
 and adds the subject [**SPAM**] to the email, and then when it's going
 to the mailbox it checks the email again and adds the [**SPAM**] header
 a second time. So my emails end up looking like: [**SPAM**] [**SPAM**]
 My_email_subject
 
 Is there anything that can be done so there's only one instance of
 [**SPAM**] in the subject? Have postfix strip out the spam headers from
 the subject, or is there another solution? Someone would have run across
 this problem before me.
 
 I'm running SpamAssasin 3.1.7, MailMan using Postfix.
 

configure mailman to resubmit mail to a port that is unfiltered. no
point to filter mail twice.

$ cat mm_cfg.py
...
SMTPHOST = '127.0.0.1'
SMTPPORT = 10025
...



 Any help would be welcome,
 
 Garik

Re: Filtering through mailing lists

[Benny Pedersen]

On Fri, May 29, 2009 22:04, mouss wrote:
 configure mailman to resubmit mail to a port that is unfiltered. no
 point to filter mail twice.

 $ cat mm_cfg.py
 ...
 SMTPHOST = '127.0.0.1'
 SMTPPORT = 10025

doing so here disables dkim sign in my amavisd, have not found a way
around this here

-- 
http://localhost/ 100% uptime and 100% mirrored :)