This is a discussion on regexp body_check help - IP address within the mailing.postfix.users forums, part of the Mail Servers and Related category.
Another phish made it past my filters, and so I set about trying to craft something that would trap it. In every phish I've looked at, there was always an IP address hidden in a url, such as this:

href="http://198.31.130.18/.signin.ebay.com/cgi4.ebay.com/ws3/eBayISAPI.dll/signin/"

That was courtesy the latest phish...

So, I came up with a regexp that would match from the equal sign through the first slash after the IP address, and put it in my body_checks file as follows:

/=\"http:\/\/(([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5]))\// Reject ALERT

In my text editor, several test searches correctly found the above and several variant IP literals, but when I tried sending myself a test message containing the hidden url, postfix wasn't catching it. I even forwarded the raw text to myself, and it wasn't caught:

Begin forwarded message:

> your account may have <BR>been tampered with, please contact our <A
> href="http://198.31.130.18/.signin.ebay.com/cgi4.ebay.com/ws3/
> eBayISAPI.dll/signin/" target=_blank><FONT

I'm sure I'm missing some key bit that is causing this not to trigger, but I can't for the life of me figure out what that might be...
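An added example, not part of the original post: a small harness that applies the posted pattern to a message body one line at a time, the way body_checks evaluates it, using Python's `re` as a stand-in for a PCRE-style engine. The post does not say whether the table is `regexp:` or `pcre:`; `\d` is not defined in POSIX ERE, so an explicit `[0-9]` form is tested as well, and the quoted-printable and benign sample lines are constructed here.

```python
import re

# Octet alternation as written in the post; \d is a PCRE-style shorthand.
OCTET_D = r"([01]?\d\d?|2[0-4]\d|25[0-5])"
# Same alternation with explicit classes, which POSIX ERE also accepts.
OCTET_CLASS = r"([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])"

def build(octet):
    """Pattern for ="http://a.b.c.d/ ; case-insensitive, as Postfix is by default."""
    return re.compile(r'="http://' + r"\.".join([octet] * 4) + "/", re.IGNORECASE)

def first_match(pattern, body):
    """Test each body line separately; return (line_number, text) or None."""
    for number, line in enumerate(body.splitlines(), start=1):
        hit = pattern.search(line)
        if hit:
            return number, hit.group(0)
    return None

# Body lines taken from the forwarded message quoted in the post.
PHISH = (
    "your account may have <BR>been tampered with, please contact our <A\n"
    'href="http://198.31.130.18/.signin.ebay.com/cgi4.ebay.com/ws3/\n'
    'eBayISAPI.dll/signin/" target=_blank><FONT\n'
)
# Constructed: the same link as it looks in a quoted-printable body,
# where "=" is encoded as "=3D" and the filter sees the encoded text.
PHISH_QP = 'please contact our <A href=3D"http://198.31.130.18/.signin.ebay.com/">\n'
# Constructed: a hostname URL that merely contains an IP in its path.
BENIGN = '<A href="http://www.example.com/docs/198.31.130.18/">\n'

def report():
    """Run both pattern forms over all three samples."""
    samples = {"phish": PHISH, "phish_qp": PHISH_QP, "benign": BENIGN}
    forms = {"backslash_d": build(OCTET_D), "explicit_class": build(OCTET_CLASS)}
    return {(f, s): first_match(p, body)
            for f, p in forms.items() for s, body in samples.items()}

if __name__ == "__main__":
    for key, result in report().items():
        print(key, "->", result)
```

To test against the real table instead, `postmap -q - pcre:/etc/postfix/body_checks < message.txt` feeds each input line to the map as a lookup key; the table type and path shown are assumptions.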