
Re: Coding "for" ?

1997-05-04 13:07:00
On Sun, 4 May 1997 12:00:00 -0700 (PDT),
Eric Hilding <eric(_at_)hilding(_dot_)com> wrote:
> I've got "To:" and "From:" recipes set up which seem to be working
> okay, but this turkey got through apparently due to the "for" line.
>
> Is:   * ^for.*@domain.com      an appropriate recipe
> syntax???

No, because it will not match what you are trying to match. I also
don't think the "for" part is a good thing to match on, but see below.

Procmail accepts an arbitrary regular expression on the condition
line. This is indeed what you have, but it is one which matches lines
which start with the word "for" (that's what the caret ^ means). 

It would probably be a good idea to read up on regular expressions.
Any good Unix book should contain an introduction.

Meanwhile, try this:

    :0
    * ^Received:(.*\<)?for[	 ]<[^>]*@domain\.com>
    /dev/null

The (.*\<)? thing is an attempt to prevent a match on something like
"Received: by formail 1.0 ... contact root@domain.com to complain"
where the "for" in "formail" and the "@domain.com" would be picked up
as a match if you were less careful. The stuff in the brackets
consists of a tab and a space. <[^>]* matches an opening broket
followed by any number of characters as long as they're not closing
brokets.

This probably won't have the effect that you intend it to; the
Received ... for usually lists the intended receiver, not the sender. 
If you're trying to rid yourself of messages which don't contain a
valid To: line, that's easy to do, but it will also reject any Bcc:s
any of your buddies send you.

Received: from jolt.mpx.com.au(really [203.2.75.7]) by kyoko.mpx.com.au
     via sendmail with smtp
     id <m0wO2LL-003bH6C@kyoko.mpx.com.au>
     for <david@domain.com>; Mon, 5 May 97 00:32:51 +1000 (EST)
     (/\##/\ Smail3.1.30.13 #30.8 built 5-oct-95)

One thing you can try is to match on other parts of the Received:
line, such as Received: from. Not all MTA:s will add this information
but it's better than nothing. 

On a tangential note, you should perhaps try to persuade mpx.com.au to
do some filtering for you. They were apparently the injection point of
this spam. As far as I can tell, it's theft of their services so
unless they're real bozos, they should be interested in preventing
further incidents like this one. 

By the way, you could test your hypotheses yourself by using a
Procmail testbed which will accept messages and write a log but not
add those messages to your real mail spool. The FAQ contains an
example file at <http://www.iki.fi/~era/procmail/experiments.rc>
(you should check out the usage instructions in the FAQ itself first
-- its URL is <http://www.iki.fi/~era/procmail/mini-faq.html>).

Hope this helps,

/* era */

Just noticed that the .rc file's permissions were wrong -- apologies
to anyone who tried to download it, mixed with flames for not telling
me. ;-/

-- 
Defin-i-t-e-ly. Sep-a-r-a-te. Gram-m-a-r.  <http://www.iki.fi/~era/>
 * Enjoy receiving spam? Register at <http://www.iki.fi/~era/spam.html>
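
An added example, not part of the original message: the three conditions discussed above, translated to Python's re module and run against constructed sample headers. Assumptions: procmail's \< is approximated by \W, folded headers are joined with a single space before matching, matching is case-insensitive, and the "naive" pattern and all function names are illustrative.

```python
import re

# Constructed header block: the Received: header quoted in the message plus
# the "formail" counter-example the message describes.
SAMPLE_HEADERS = (
    "Received: from jolt.mpx.com.au(really [203.2.75.7]) by kyoko.mpx.com.au\n"
    "     via sendmail with smtp\n"
    "     id <m0wO2LL-003bH6C@kyoko.mpx.com.au>\n"
    "     for <david@domain.com>; Mon, 5 May 97 00:32:51 +1000 (EST)\n"
    "Received: by formail 1.0 ... contact root@domain.com to complain\n"
    "Subject: constructed sample\n"
)

CONDITIONS = {
    # The condition asked about: only matches a header that starts with "for".
    "original": r"^for.*@domain.com",
    # Illustrative loose pattern: any "for" followed later by the domain.
    "naive": r"^Received:.*for.*@domain\.com",
    # The suggested recipe; \W stands in for procmail's \< (one non-word char).
    "suggested": r"^Received:(.*\W)?for[ \t]<[^>]*@domain\.com>",
}


def unfold(headers):
    """Join continuation lines (leading whitespace) onto their header field."""
    return re.sub(r"\n[ \t]+", " ", headers)


def matching_headers(condition, headers=SAMPLE_HEADERS):
    """Return the unfolded header fields that the condition matches."""
    pattern = re.compile(condition, re.IGNORECASE)
    return [line for line in unfold(headers).splitlines() if pattern.search(line)]


if __name__ == "__main__":
    for name, condition in CONDITIONS.items():
        hits = matching_headers(condition)
        print(f"{name:10} {len(hits)} match(es)")
        for line in hits:
            print(f"           {line[:60]}...")
```
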
