18 Oct
2020
18 Oct
'20
4:10 p.m.
On Sunday 18 October 2020 01:50:33 am deloptes via tde-users wrote:
On Saturday 17 October 2020 08:25:49 pm E. Liddell via tde-users wrote:
On Sat, 17 Oct 2020 19:01:08 -0500
Michael via tde-users <ml-migration-agent(a)trinitydesktop.org> wrote:
On Saturday 17 October 2020 06:45:43 pm Michael
via tde-users wrote:
(Note: I didn't bother testing anything. Typos are unlikely, but
possible.)
Assuming Kmail uses PCRE and not Posix regex, you can match the first
chunk with:
lfd on srv\d\d\.srv\d\d-inet-design\.com
and the second with:
\) blocked for port scanning$
(the $ confines that portion of the match to the end of the string).
If I were trying to match the entire line, I'd probably use something
like:
^[^a-z]*lfd on srv\d\d\.srv\d\d-inet-design\.com:
\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d? \([^\)]+\) blocked for port
scanning$ I need to match this one line in a Subject:
***SPAM*** lfd on srv07.srv07-inet-design.com: 93.174.93.68
(NL/Netherlands/-) blocked for port scanning
(the spam part is intermittent), based on these two pieces:
lfd on srvNN.srvNN-inet-design.com:
NN = any two numerical digits only
> -and-
> ‘) blocked for port scanning’ Are there other messages about "blocked for port
scanning" that you need
to be sure you receive? If not, I'd just do a subject-contains filter
using that string and forget about the regex.
Sadly, yes, when a client's user gets "blocked for port scanning" the phrase
ends up in the Subject (to/from the client). Generally after I've found the
block message I forward, and modify the Subject, but my existing rule is a
subject-contains filter so then I have to go searching for client replies
from the thousands of messages in the 'blocked' folder.
You can use kregexpeditor from kregexpeditor-trinity -
it took me 3min to
build the rules for each line with middle level regexp.
^.*srv[\d]{2,2}\.srv[\d]{2,2}-inet-design\.com.*$
^.*\)\sblocked\sfor\sport\sscanning.*$
That is way cool! I pasted both of the expressions into kregexpeditor then
fiddled with them to come up with:
^.*lfd on srv[\d]{2,2}\.srv[\d]{2,2}-inet-design\.com.*\) blocked for port
scanning$
I dropped the escaped spaces (\s) and used the repeat exactly two digits
syntax, mostly because it made kregexpeditor’s pictograph look cleaner (in
the vain theory that’d give better performance).
I wouldn’t have thought to use either a line start or a line end, but I’m
guessing they both help to give better performance to the regex engine?
# # #
E., deloptes,
Thank you both so much, combined you’ve saved me hours of digging to get this
to work. If either of you ever come through the Nashville area, I’ll buy you
a beer/pastry/whatever your vice is! Well, that applies to basically
everyone on this list, this has to be the best list I’ve ever been on…
Best Regards All,
Michael