Bowie Bailey wrote:
> Linda Walsh wrote:
>   
>>      I found, BURIED, in the doc "Mail::SpamAssassin::Conf", the broken,
>> primitive rules for white/black list patterns allowed:
>>     
>
> Where else would they be?  This is the main location for documentation
> of the SA configuration and rule definitions.
>
>   
>>             Whitelist and blacklist addresses are now file-glob-style
>>             patterns, so "fri...@somewhere.com", "*...@isp.com", or
>>             "*.domain.net" will all work.  Specifically, "*" and "?"
>>             are allowed, but all other metacharacters are not. 
>>             Regular expressions are not used for security reasons.
>> =======================
>>
>>      These are NOT file-glob style patterns, as on Linux.
>> These are examples of non-regex file-glob patterns that don't work
>> under SA:  "[0-9][0-9a-f]*.domain", "[0-9]*.domain", "[^0-9]*.domain".
>>     
>
>   
Not all systems and shells support [] file-glob modifiers. And as said
by Bowie, they're not mentioned in the docs, because they're not supported.
> The documentation you quoted above clearly states that only "*" and "?"
> metacharacters are allowed.
>   

And more to the point, there's a very important reason this is the only
type of pattern allowed. Regular expressions can easily be crafted to
create a lot of load on a server. White/blacklist entries can be created
by "untrusted" end users, who could abuse them to DoS your mailserver.

It may be "primitive", but it's not "broken" and it's done that way very
much on purpose. Supporting file globs is somewhat harder than doing
regexes, which are very natural in perl.

That's why the main configuration docs state:
"Regular expressions are not used for security reasons."



> > making clear whether the pattern provided must match the full email
> > address, or if a partial match will be considered a positive match
> > (i.e. "@foobar" is same as "*...@foobar*")
>   
>
> I agree that it would be useful to have this stated explicitly in the
> documentation.
>   

Agreed, that's lacking.

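To make the distinction in the thread concrete, here is an added example (written for this page, not SpamAssassin's own matching code) of compiling a "*"/"?"-only glob into a regex with quotemeta(), so that "[0-9]*.domain" is treated as literal text rather than a character class. The full-address anchoring is an assumption made for the demo, not SA's documented behaviour, and the addresses are constructed samples.

```perl
#!/usr/bin/perl
# Added example: safe compilation of a "*"/"?"-only glob into a regex.
# Every character except "*" and "?" is quotemeta()'d, so a user-supplied
# pattern can never inject regex constructs (classes, groups, quantifiers).
use strict;
use warnings;

# Convert a SpamAssassin-style whitelist glob into an anchored regex.
# Only "*" (any run of characters) and "?" (exactly one character) are
# metacharacters; "[", "]", "^", "+", "(", ")" and friends are escaped.
sub glob_to_regex {
    my ($glob) = @_;
    my $re = '';
    for my $ch (split //, $glob) {
        if    ($ch eq '*') { $re .= '.*' }
        elsif ($ch eq '?') { $re .= '.'  }
        else               { $re .= quotemeta($ch) }
    }
    # Anchored full-address match (an assumption for this demo, see lead-in).
    return qr/^${re}$/i;
}

# Return 1 if the address matches the glob, 0 otherwise.
sub glob_matches {
    my ($glob, $addr) = @_;
    return $addr =~ glob_to_regex($glob) ? 1 : 0;
}

# Constructed sample patterns and addresses.
my @cases = (
    ['*@isp.com',          'alice@isp.com',       1],
    ['fred@somewhere.com', 'fred@somewhere.com',  1],
    ['*.domain.net',       'bob@mail.domain.net', 1],
    ['[0-9]*.domain',      '7abc@x.domain',       0],  # "[0-9]" is literal, not a class
    ['[0-9]*.domain',      '[0-9]@x.domain',      1],  # only the literal "[0-9]" matches
    ['@foobar',            'joe@foobar.com',      0],  # anchored, so no partial match
);

for my $c (@cases) {
    my ($glob, $addr, $want) = @$c;
    my $got = glob_matches($glob, $addr);
    printf "%-20s %-22s => %d (expected %d)\n", $glob, $addr, $got, $want;
}
```

The last case illustrates the documentation gap raised in the thread: whether "@foobar" should match "joe@foobar.com" depends entirely on whether the implementation anchors the pattern, which is exactly what the docs leave unstated.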