On 4/22/11 12:51 PM, Niamh Holding wrote:
Hello Karsten,
Friday, April 22, 2011, 4:31:25 PM, you wrote:
KB> What you want instead is to match anything BUT a space /[^ ]+/. That
KB> will prevent this part from matching beyond borders. More specifically,
KB> it prevents matching any other data point and ensures the right hand
KB> part actually is the rDNS as desired.
Well it happily appears to go beyond borders according to the tester at
http://www.spaweditor.com/scripts/regex/index.php
The regex
/[^ ]+ rdns=.*dip\.t-dialin\.net/i
matches with
ip=212.227.17.8 rdns=moutng.kundenserver.de helo=moutng.kundenserver.de
by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= msa=0 ] [
ip=84.165.216.65 rdns=p54A5D841.dip.t-dialin.net
how about 'msa=0 \] \[ ip=.*rdns=.*dip\.t-dialin\.net/i'
(and do you need the /i? isn't it expensive?)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
