Milter-greylist

--- In milter-greylist@yahoogroups.com, Oliver Fromme <olli@...> wrote:

> 
>  > In order to reliably detect hex addresses
>  > without separators, you'd need two passes of regexes: the first to
>  > identify a string of 8 hex numbers, and then a second one to make
sure
>  > there is at least one non-decimal number in that string.
> 
> I don't quite understand what you mean, could you please
> explain?  What do you mean, "at least one non-decimal
> number", and how does it apply to your example "web307045"?

Let's clarify with an example. 123456 is a valid hex number. From the
looks of it, however, there is no way to tell whether this is just a 6
digit decimal number (which are quite common in mailer names,
especially for big mailer farms), or a true hex number. The only way
to tell a 6 digit hex number from a six digit dec number is when it
includes at least one non-decimal hex digit ([a-f]), eg. 123d56 or 1f3d12.

> I think it would make sense to whitelist hosts that contain
> the word "mail" somewhere in the name, e.g. /mail.*\..*/.
> That whitelist entry should be placed before the greylist
> entry for decimal/hexadecimal matching of dynamic address
> pools, so it is checked first for a match.  It would help
> in the case of "web307045.mail.mud.yahoo.com".  Usually
> the names of dynamic address pools don't contain the word
> "mail".

Ah, that is a very good idea; I think this will prevent some false
positives, eventhough I haven't seen many so far.