Community Discussions and Support
SMTP-S Regular Expression Search for Square Brackets Within HELO

Thank you All,

I'm going to try a few of your suggestions and report back later - watch this space!

Regards 

<p>Thank you All,</p><p>I'm going to try a few of your suggestions and report back later - watch this space!</p><p><span style="font-size: 10pt;">Regards</span><span style="font-size: 10pt;"> </span></p>

Hi Everyone, 

Does anyone know how to search for square brackets using a regular expression? 

I'm trying to block the following type of HELO greeting:

EHLO [190.122.125.138]

I have used [Z-a] to successfully capture "[" and "]" characters, but to me this is a bit of a fudge. Using [[] or []] doesn't work.

This is what I use at present, and it works, but I want improve it: 

H, "[heHE][heHE]LO/w[Z-a][0-9]+.[0-9]+.[0-9]+.[0-9]+[Z-a]/w", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING Z-a"

So, does anyone know if it is possible to search for "[" or "]" perhaps by using an escape command (if one exists)?

Thanks in advance :) 

<p>Hi Everyone, </p><p><span style="font-size: 10pt;">Does anyone know how to search for square brackets using a regular expression? </span></p><p>I'm trying to block the following type of HELO greeting:</p><p>EHLO [190.122.125.138]</p><p><span style="font-size: 10pt;">I have used [Z-a] to successfully capture "[" and "]" characters, but to me this is a bit of a fudge. Using [[] or []] doesn't work.</span></p><p><span style="font-size: 10pt;">This is what I use at present, and it works, but I want improve it: </span></p><p>H, "[heHE][heHE]LO/w[Z-a][0-9]+.[0-9]+.[0-9]+.[0-9]+[Z-a]/w", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING Z-a"</p><p><span style="font-size: 10pt;">So, does anyone know if it is possible to search for "[" or "]" perhaps by using an escape command (if one exists)?</span></p><p>Thanks in advance :) </p>

You have to use a preceding backslash to match a metacharacter litteraly (square brackets are metacharacters ; they have a specific meaning in a regular expression).

\[ will select the square bracket [

To select litteraly       EHLO [192.168.0.1]       you can use the regular expression       EHLO \[192\.168\.0\.1\]

To select       EHLO [ with any valid IPV4 adres ]       you can use the regular expression       EHLO \[\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b\]

 

grz

jef_b

<p>You have to use a preceding backslash to match a metacharacter litteraly (square brackets are metacharacters ; they have a specific meaning in a regular expression).</p><p>\[ will select the square bracket [ </p><p>To select litteraly       EHLO [192.168.0.1]       you can use the regular expression       EHLO \[192\.168\.0\.1\]</p><p>To select       EHLO [ with any valid IPV4 adres ]       you can use the regular expression       EHLO \[\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b\]</p><p> </p><p>grz</p><p>jef_b </p>

On help there is no way to masquerade the "]". And the "H" in front of the transaction-rule means, that the rule should apply to HELO or EHLO.

Tested this with a telnet connection on port 25 and worked:

H, "*[[][0-9]+.[0-9]+.[0-9]+.[0-9]+*", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING OPENING BRACKET"

bye

<p>On help there is no way to masquerade the "]". And the "H" in front of the transaction-rule means, that the rule should apply to HELO <b>or</b> EHLO. </p><p>Tested this with a telnet connection on port 25 and worked:</p><p>H, "*[[][0-9]+.[0-9]+.[0-9]+.[0-9]+*", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING OPENING BRACKET"</p><p>bye </p>

[quote user="jef_b"]

You have to use a preceding backslash to match a metacharacter litteraly (square brackets are metacharacters ; they have a specific meaning in a regular expression).

\[ will select the square bracket [

[/quote]

Shure? With Mercury (or Pegasus)?

That's what to do in regular expressions i.e. in PERL or UNIX. But the help of Mercury talks about including metacharacters like *,?,[ in brackets. The problem with the masquerading in Mercury / Pegasus is the ], because this ends up the masquerading and you can't masquerade it that way.

Bye

 

[quote user="jef_b"]<p>You have to use a preceding backslash to match a metacharacter litteraly (square brackets are metacharacters ; they have a specific meaning in a regular expression).</p><p>\[ will select the square bracket [ </p><p>[/quote]</p><p>Shure? With Mercury (or Pegasus)?</p><p>That's what to do in regular expressions i.e. in PERL or UNIX. But the help of Mercury talks about including metacharacters like *,?,[ in brackets. The problem with the masquerading in Mercury / Pegasus is the ], because this ends up the masquerading and you can't masquerade it that way. </p><p>Bye</p><p> </p>

[quote user="FJR"]... But the help of Mercury talks about including metacharacters like *,?,[ in brackets. The problem with the masquerading in Mercury / Pegasus is the ], because this ends up the masquerading and you can't masquerade it that way.[/quote]

Do you need to escape ] ?  On it's own (without a preceeding [ ) it can be treated literally.

<P>[quote user="FJR"]... But the help of Mercury talks about including metacharacters like *,?,[ in brackets. The problem with the masquerading in Mercury / Pegasus is the ], because this ends up the masquerading and you can't masquerade it that way.[/quote]</P> <P>Do you need to escape ] ?  On it's own (without a preceeding [ ) it can be treated literally.<FONT size=1></P></FONT>

[quote user="PaulW"]

Do you need to escape ] ?  On it's own (without a preceeding [ ) it can be treated literally.

[/quote]

Ohh ... in all my years with Pegasus and Mercury I didn't realize this! Good tip - reads logical! Thanks!

So on question of MikeGlen this should work (not tested yet):

H, "*[[][0-9]+.[0-9]+.[0-9]+.[0-9]+]*", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING BOTH BRACKETS"

bye

 

<p>[quote user="PaulW"]</p><p>Do you need to escape ] ?  On it's own (without a preceeding [ ) it can be treated literally.</p><p>[/quote]</p><p>Ohh ... in all my years with Pegasus and Mercury I didn't realize this! Good tip - reads logical! Thanks!</p><p>So on question of MikeGlen this should work (not tested yet):</p><p>H, "*[[][0-9]+.[0-9]+.[0-9]+.[0-9]+]*", L, "CAUGHT DOTTED IP WITH SQ BRACKETS IN HELO USING BOTH BRACKETS"</p><p>bye</p><p> </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft