At 01:43 PM 1/12/98 +0200, jari(_dot_)aalto(_at_)poboxes(_dot_)com wrote:
Fri 98-01-02 wwgrol(_at_)sparc01(_dot_)fw(_dot_)hac(_dot_)com (W. Wesley
| * ^From.*$FORGED_DOMAIN
| * ! ^Received.*$FORGED_DOMAIN
| * ^Received.*$FORGED_DOMAIN
| * ! ^From.*$FORGED_DOMAIN
I my algebra says that
A || B <=> B || A
So you can drop the second recipe, because the first one already does it.
Your conversion of the rulesets to algebra is flawed. The rules are ( A &&
!B ) and ( !A && B ), that is 'NOT', not 'OR'.
Perhaps it would help to look at a couple of examples:
Received: by juno.com from scumbucket.uunet.com
The second recipe would catch a message with these characteristics, but the
first one wouldn't. It follows that certain services (such as juno.com)
shouldn't be routing mail for others, so if juno appears in the headers but
not the from, I'd certainly buy it as spam until I see otherwise.
Received: by victim-isp.com from scumbucket.uunet.com
Would be caught by the first, but not by the second. Here, the FROM
address claims to be from juno, but there is no matching routing
information to show that it passed through any juno systems, which
shouldn't be true of messages on their service.
Thanks Wesley for an interesting addition to my spam filters. Now only if
the procmail mail servers would return to normal and I could see my message
traffic in the proper order again (it got all gummed up about a week ago),
and see the original message. I'm seeing some posts come from
rwth-aachen.de days after they post.
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395