Milter-greylist

reschauzier wrote:
 > robert_schmidli wrote:
 > > problem - I get the following error message:
 > >  
 > > bad regular expression "[0-9]+([^0-9])[0-9]+\1[0-9]+\1[0-9]+":
 > > Invalid back reference.
 > >  
 > > I've had to delete the offending line.
 > 
 > What version of milter-greylist are you running?

I think the correct question to ask would be: What OS are
you running?  :-)

Milter-greylist uses the regex functions from the libc of
the OS.  So if those functions are broken (or use a syntax
different from other systems), then that will also affect
milter-greylist's usage of regular expressions.

To the OP, I suggest that you have a look at the manual
page of the regex functions of your OS (regcomp(3) etc.),
and look for hints regarding back references.  For example,
back-references aren't supported at all on Solaris, as far
as I can tell.  However, your error message indicates that
they _are_ supported for you, but the syntax seem to be
different.

One thing you could try is to enclose the parenthesized
sub-expression in backslashed parentheses instead, i.e.
"[0-9]+\([^0-9]\)[0-9]...".  Some regular expression
parsers require it that way.

By the way, someone suggested [-._] for the separator.
Note that underscores are illegal in domain names, so
simply [-.] will suffice.  Mail from domains containing
underscores should be rejected or blacklisted right away;
there's no need to greylist them, because they certainly
don't come from legal mail servers.

It might also be an option to make the whole separator
optional, i.e. "[-.]?" so it will match in those cases
where the IP is encoded as a single stream of digits.
(Of course you can use a second regular expression for
that, but the less of them the better.  The "?" matching
costs nearly nothing in this case, performance-wise.)

Furthermore, a lot of internet access providers use the
hexadecimal IP (instead of decimal) for the reverse look-
up of their pools.  So it's probably a good idea to add
a similar regular expression that matches IP addresses
expressed in hexadecimal, for example:

[0-9a-f]{2,2}[-.]?[0-9a-f]{2,2}[-.]?[0-9a-f]{2,2}[-.]?[0-9a-f]{2,2}

(Note that milter-greylist uses case-insensitive matches,
so it's not necessary to say "[0-9A-Za-z]".)

That will match things like 5f-8b-23-cd.dsl.example.com,
5f8b23cd.cable.foo.net, and even 5f-8b.23-cd.dyn.bar.org
or 5f8b-23cd.pool.baz.biz.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"With sufficient thrust, pigs fly just fine.  However, this
is not necessarily a good idea.  It is hard to be sure where
they are going to land, and it could be dangerous sitting
under them as they fly overhead." -- RFC 1925