[Rspamd-Users] multimap and header lines

G.W. Haywood rspamd at jubileegroup.co.uk
Mon Nov 18 18:13:12 UTC 2024


Hi there,

On Mon, 18 Nov 2024, Valentijn Sessink wrote:

> I wanted to just match one header; but wanted to be able to add more
> headers if necessary. Now my question is: what is the correct way of
> matching a single header line, from start to end?

(If I've understood you correctly:) I don't know if there's just one
"correct" way, but if you want to match multiple headers in a single
regex you could do something like:

/^(header1|header2|header3):(headercontent1|headercontent2|headercontent3)/

where headercontent[1,2...] would probably start with '\s?' and could
conceivably contain bare \r\s; and variable length matches in regexes
are either minimal (for example '.*?'  instead of '.*'); or specified
lengths (for example '.{0,10}'); and preferably avoided altogether.

But it might be better not to try to do that.  It's fine to have many
regexes in your configuration:

/^header1:headercontent1/
/^header2:headercontent2/
/^header3:headercontent3/

Note that there is usually a space after the colon but there
might not be and you may need to take account of that.

> Subquestions:
> - are headers normalized, when multimap kicks in?

If they were folded, they are unfolded.

> - does the PCRE clause (*ANYCRLF) do anything? Should I leave that out?

With things like 'ANYCRLF' and '\R' there are things like compilation
options and configuration to be considered:

https://en.wikipedia.org/wiki/Perl_Compatible_Regular_Expressions#Newline/linebreak_options

Unless I'd spent some quality time with the matching engine which I
was using at the time, so I knew what it would do under all relevant
circumstances, I wouldn't use them.

> BTW the header I'm actually trying to block is
> X-sender: postmaster@salesforce.com ;-)

I can understand that. :)

Something like

/^X-sender: postmaster@salesforce\.com/

ought to do that, but I'd probably do something with the ASN from our
GeoIP database:

milter=> SELECT COUNT(*) FROM xm_geo2 WHERE as_name LIKE '%SALESFORCE%' ;
  count 
-------
    150
(1 row)


:)

-- 

73,
Ged.
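
The per-header approach discussed in the message above, as an added example that is not part of the original post and is not Rspamd code: folded headers are unfolded first, then each unfolded line is tested against one start-anchored pattern per header, with `\s?` covering a missing space after the colon. It uses Python's `re` rather than PCRE; the sample headers, the `X-Mailer` pattern and all function names are constructed for illustration.

```python
import re

# Constructed sample headers (not from the original post). The Subject is
# folded and happens to quote the header text we want to block.
RAW_HEADERS = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\r\n"
    "\tby mx.example.org with ESMTP id abc123\r\n"
    "Subject: Fwd: X-sender: postmaster@salesforce.com was\r\n"
    " seen in the original\r\n"
    "X-sender:postmaster@salesforce.com\r\n"
    "X-Mailer: ExampleMailer 1.0\r\n"
)

# One anchored pattern per header line. \s? allows for the space after
# the colon being absent. The second pattern is a hypothetical extra rule.
PATTERNS = [
    re.compile(r"^X-sender:\s?postmaster@salesforce\.com"),
    re.compile(r"^X-Mailer:\s?BulkSender\b"),
]


def unfold(raw):
    """Return one string per header, joining folded continuation lines."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            # Continuation line: unfolding removes only the line break,
            # the leading whitespace stays part of the header value.
            headers[-1] += line
        elif line:
            headers.append(line)
    return headers


def matching_headers(raw, patterns=PATTERNS):
    """Unfolded header lines matched by any pattern at the line start."""
    return [h for h in unfold(raw) if any(p.search(h) for p in patterns)]


def unanchored_hits(raw):
    """Same X-sender pattern without '^', to show what anchoring prevents."""
    loose = re.compile(r"X-sender:\s?postmaster@salesforce\.com")
    return [h for h in unfold(raw) if loose.search(h)]


if __name__ == "__main__":
    print("anchored:  ", matching_headers(RAW_HEADERS))
    print("unanchored:", unanchored_hits(RAW_HEADERS))
```

Without the `^` anchor the Subject line is also reported, because its text quotes the header being blocked.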