On Thu, Oct 31, 2019 at 08:28:23AM +0000, gil...@poolp.org wrote:
> October 24, 2019 8:35 PM, "Joerg Jung" <m...@umaxx.net> wrote:
> 
> > Hi,
> > 
> > I used some regex filters in the past which I'm trying to convert to the
> > latest builtin filters. In particular, I stumbled over a HELO filter,
> > which rejects non-FQDN HELO forcing SMTP protocol, aka: 
> > Sendmail FEATURE(block_bad_helo) or Postfix reject_non_fqdn_helo_hostname
> > 
> > I had a significant success rate with this kind of blocking, since a good
> > portion of spammers seem to be too lazy to configure HELO correctly.
> > 
> > Here is what I came up with:
> > 
> > # reject HELO/EHLO with leading or trailing dot, and without dots (non-FQDN)
> > filter helo phase helo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } disconnect "554 5.7.1 HELO rejected"
> > filter ehlo phase ehlo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } disconnect "554 5.7.1 EHLO rejected"
> > 
> > Now, I just need a way to skip/allow IPv6 address literals, e.g. there
> > are no dots in EHLO [::1], but still a valid/allowed value.
> > With old filter-regex I just did a negation: ! regex "^\[" to
> > not apply filter to v6 literals
> > 
> > Any ideas/hints how to add/implement this with the new builtin regex
> > filter syntax?
> > 
> 
> Sadly there would have been a very easy way if I had that use-case in mind pre-release,
> which would be to make the "proceed" action explicit, you could have had a filter
> match the inet6 address and proceed to shortcut the matching of non fqdn.

:)

> As of today, there will be no option but to craft your regex to contain both the pattern
> you want to match AND exclude [ as far as I see it.

But that AND EXCLUDE (aka AND NOT) is not possible with re_format(7), 
because no zero-width negative lookahead or similar tricks are 
available, right?

I wonder if abusing "match" instead of filtering is an option here, with
match I have the negation operator available, so something like this
would probably work, right?

match ! helo regex "^\[" myaction
match helo regex { "^\.", "\.$", "^[^\.]*$" } reject
# further standard match rules following...

The question is, what to put into: myaction, there is no 
pass/accept/skip/jump to other match rules... and "relay" 
will probably result in a loop, no?

Seems like this is just not possible with the built-in syntax for now
and I need to write a tiny proc-exec filter instead?
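
An added example, not part of the original thread: re_format(7) has no lookahead, but for this specific case the "and does not start with [" condition can be folded into the no-dots pattern with a negated bracket expression on the first character. `grep -E` stands in for smtpd's matcher here (assumption: both use POSIX extended regular expressions); the function names and sample HELO values are constructed for illustration.

```shell
#!/bin/sh
# Assumption: grep -E follows the same POSIX ERE rules as re_format(7).

# helo_rejected NAME -> exit status 0 if NAME matches any reject pattern.
helo_rejected() {
    # '^\.'          leading dot
    # '\.$'          trailing dot
    # '^$'           empty argument (the original "^[^\.]*$" matched it too)
    # '^[^.[][^.]*$' no dots at all AND first character is not '['
    #                ('.' is listed before '[' so that "[." is not parsed
    #                as the start of a collating symbol)
    printf '%s\n' "$1" | grep -Eq \
        -e '^\.' \
        -e '\.$' \
        -e '^$' \
        -e '^[^.[][^.]*$'
}

# classify NAME -> prints "reject" or "accept".
classify() {
    if helo_rejected "$1"; then echo reject; else echo accept; fi
}

# Constructed sample HELO/EHLO arguments.
for h in mail.example.org localhost .example.org example.org. \
         '[::1]' '[192.0.2.1]' '[IPv6:2001:db8::1]' ''; do
    printf '%-22s %s\n' "$h" "$(classify "$h")"
done
```

As with the old `! regex "^\["` exemption, anything beginning with `[` is let through by the no-dots pattern without checking that it is a well-formed address literal.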
