ASPwebhosting Posted April 25, 2014 Share Posted April 25, 2014 If you're like me and you are sick and tired of being inundated with spam containing links to .ru websites trying to get you to download malware, this handy RegEx will do the trick. [Hh][Tt][Tt][Pp][ss]?[:][/][/][A-Za-z0-9_\-.]*[.]([Rr][uu])([/][^ \t\n\r\f]+|[^A-Za-z0-9_\-]|$) In my case, I use it in a custom signature inspecting the body of emails traversing my Cisco IDS/IPS system to instantly drop the packet, drop the connection from the offending mail server and reset the TCP connection to my mail server, which acts as a tarpit delay leaving an open connection to the offending mail server while closing the connection on my mail server. This RegEx could easily be adapted to mail systems such as Zimbra that use Postfix with spam Assassin or others that make use of regular expressions. I have another I'll post that works in conjunction with SpamCop to ensure servers identified as known spam sources by SpamCop will be denied port 25 SMTP connections. David Kopacz, CTO ASPwebhosting.com Link to comment Share on other sites More sharing options...
turetzsr Posted April 25, 2014 Share Posted April 25, 2014 ...Thanks, David! ...Those who prefer to use a shorter Regular Expression might wish to consider the "i" modifier, described at http://www.w3schools.com/jsref/jsref_regexp_i.asp. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.