The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

regex email filtering

Discussion in 'E-mail Discussions' started by ttremain, Nov 6, 2011.

  1. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    I get a lot of spam recently with subject like:

    "Per fe ctTimeToRetr iev eNe wBra ndOfCa ps ule"

    The common pattern I see is several occurrences of a lower case letter just before
    an upper case one.

    I've tried several regular expressions, but do not see how

    ([a-z][A-Z].+[a-z][A-Z].+[a-z][A-Z].+[a-z][A-Z])

    Somehow, using the tester in cPanel, this matches almost anything, including this
    subject I picked by random from my emails.
    "Winter Update - Important"
    The Filter has matched the following condition(s):
    $header_subject: matches ([a-z][A-Z].+[a-z][A-Z].+[a-z][A-Z].+[a-z][A-Z])



    When I test it with any other regex tool, it does not match this subject.

    Am I doing anything wrong?
     
  2. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    59 views and no replies?
     
  3. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    can you scan your server using iscanner ?
     
  4. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    I've run iscanner and saw nothing unusual. (ran it in the /usr folder) Several false positives.

    Back to the regex filtering, I've tried this same filter on 3 different servers, and they all ring with tons of false positives.

    It's probably worth opening up a ticket for.
     
  5. ttremain

    ttremain Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    Turns out it's in how EXIM uses regex in their rules. If the rule file uses "MATCHES" the rule becomes case sensitive, if the rule file uses "matches" (like cPanel does) then the rule is not case sensitive.

    The tech that helped me with this is passing the new info to cPanel developers.
     
  6. Pony99CA

    Pony99CA Registered

    Joined:
    Sep 23, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Has this been fixed yet? Some idiot is spoofing my domain to send spam, so I'm getting bounces from some invalid E-mail addresses. Worse, spammers are now sending spam to the spoofed E-mail addresses. The E-mail addresses being used fit the pattern of all UPPERCASE hexadecimal digits, so I'm trying to discard any E-mail where the To line matches the following:

    ^[A-F0-9]+[0-9][A-F]+[0-9][A-F0-9]*@example.com

    Unfortunately, because a case-insensitive comparison is used, that also blocks undesired addresses. If I want a case-insensitive match, it's easy enough to do using the following:

    ^[a-fA-F0-9]+[0-9][a-fA-F]+[0-9][a-fA-F0-9]*@example.com

    So I'm not sure why the default for regular expressions (an advanced feature) would default to case-insensitive comparisons.

    Steve
     
    #6 Pony99CA, Sep 25, 2012
    Last edited: Sep 25, 2012
Loading...

Share This Page