On Sat, 17 Oct 2020 19:01:08 -0500 Michael via tde-users ml-migration-agent@trinitydesktop.org wrote:
On Saturday 17 October 2020 06:45:43 pm Michael via tde-users wrote:
Hi All,
Yeah, I don’t have a decent grasp on regex, but I need one (I think) for a KMail filter. I need to match this one line in a Subject:
***SPAM*** lfd on srv07.srv07-inet-design.com: 93.174.93.68 (NL/Netherlands/-) blocked for port scanning
(the spam part is intermittent), based on these two pieces:
‘lfd on srv07.srv07-inet-design.com:’
Edit: lfd on srvNN.srvNN-inet-design.com:
NN = any two numerical digits only
(Note: I didn't bother testing anything. Typos are unlikely, but possible.)
Assuming Kmail uses PCRE and not Posix regex, you can match the first chunk with:
lfd on srv\d\d.srv\d\d-inet-design.com
and the second with:
) blocked for port scanning$
(the $ confines that portion of the match to the end of the string). If I were trying to match the entire line, I'd probably use something like:
^[^a-z]*lfd on srv\d\d.srv\d\d-inet-design.com: \d\d?\d?.\d\d?\d?.\d\d?\d?.\d\d?\d? ([^)]+) blocked for port scanning$
-and- ‘) blocked for port scanning’
Is there a way to do that without regex? If not, anyone know a solution off the top of their head? Or a really good guide to regex (that doesn’t make your head swim)?
Are there other messages about "blocked for port scanning" that you need to be sure you receive? If not, I'd just do a subject-contains filter using that string and forget about the regex.
(I use regexes a lot in my day job, so I'm the last person to ask about gentle introductions to the topic—I usually go straight to the perlre manpage if there's something I need to look up.)
E. Liddell
--------------------------------------------------------------------- To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting