Milter-greylist

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@...> wrote:
>
> robert_schmidli wrote:
> >> 	/CATV/			\
> >> 	/[0-9]+([^0-9])[0-9]+\1[0-9]+\1[0-9]+/	\
> >> 	/[0-9]{12,}/		\
> >> }
> >> acl greylist list "dynamic"
> > 
> > Thanks.  I'll be interested to hear if you change anything.  One
> > problem - I get the following error message:
> > 
> > bad regular expression "[0-9]+([^0-9])[0-9]+\1[0-9]+\1[0-9]+": Invalid
> > back reference.
> > 
> > I've had to delete the offending line.
> 
> Hmm, at casual glance it should be valid.
> 
> That said, the the characters matched are really likely to be . or
-, so it
> seems inefficient to use back references there anyway.
> 
> Personally I'd use one of these instead:
> 
> /[0-9]{1,3}[-._][0-9]{1,3}[-._][0-9]{1,3}[-._][0-9]{1,3}[-._]/
> 
> /[0-9]+[-._][0-9]+[-._][0-9]+[-._][0-9]+[-._]/
> 
> The primary difference being the first one won't match sequences
involving more
> than three numbers at a time, but the second one will.
> (ie: 123-123-123-1234.example.com will not match the first one, but
will match
> the second.)
>

The reason for the backreferences is names like 123x45x67x89, which do
occur. At the same time, I don't want to match 123a45b67c89 for
example. The regex as is seems to be very good at finding dynamic IPs,
while giving very little false positives.