Hello,
I have made a few rules to match bodies of e-mail forwarded to our
abuse account. they should match if IP from our range appears in the
abuse report:
body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/
should match any IP from range 213.215.64.0/18
However:
I have received a complaint containing RFC822 attachment with this line
in headers of the attachment:
Received: from a43.pbi.bn.cust.gts.sk ([213.215.106.107] helo=smtp.pbi.sk) by
mail.kontaktco.at with esmtp (Exim 4.72) (envelope-from <i...@hi5.com>) id
1RUaIh-0000zs-8d for gerhard.goll...@kontaktco.at; Sun, 27 Nov 2011 09:41:28 +0100
Neither the body rule above, neither rule changed to header matched:
header __GTSSK_IP04 Received =~
/\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/
even if "pcregrep" with same pattern matched the line...
I have tried to use "rawbody" rule but still no match.
I have SA 3.3.1 with perl 5.8.8 on gentoo linux...
can either of those cause the problem?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
