procmail

Re: Received: headers after From:

1997-11-05 15:57:11
At 08:13 AM 11/5/97 -0600, David W. Tamkin wrote:
Gary Sutter wrote,

| I think it would be handy to remove all Received: headers that come
| after a From: header.  These seem to me to be universally forged for
| spammers.  On the spam forwarding list, perhaps 60% of the messages for
| the past several days had received: headers forged in this manner.
| 
| I can't think of an easier way than this, though:
| 
| :0
| * From:
| {
|      :0
|      * Received:
|      { ACTION }
| }
| 
| However, it's 1:25 AM and I am not in a good state of mind.  Can anyone
| think of a better way?  Somehow this seems clumsy to me.

If nothing else, you can do this:

:0
* ^From:
* ^Received:
{ ACTION }

If the action is to remove all Received: headers if a From: exists,

:0fhw
* ^From:.*[^  ]
* ^Received:
| formail -I Received:

Huh?  Both of you guys would pick off all mail containing both From:
and Received: headers, I think, and that's most mail.  The request
was for Received: *after* From: (which, while it doesn't indicate spam
specifically, generally shows up in mail sent originally without
From: and which has had that header added later using the envelope).

I think you want something like:
  :0
  * ^From:.*^+Received:
  { ACTION }

(does that work as written though?)

Cheers,
Stan
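
The ordering test this thread is after (a Received: field that sits lower in the header than From:), written as a small Python filter. This is an added example, not code from any of the posters. The function name and the two sample messages are constructed here; the script reads a message on stdin and reports through its exit code, so it can serve as a procmail `* ? command` condition.

```python
#!/usr/bin/env python3
"""Exit 0 when a Received: field appears after the first From: field."""
import sys
from email import message_from_string


def received_after_from(raw_message: str) -> list:
    """Return 0-based header positions of Received: fields that follow From:.

    The parser unfolds continuation lines, so a folded Received: counts once
    and an indented "from ..." continuation is not mistaken for a From: field.
    The mbox "From " envelope line is not a header field and is not counted.
    Parsing stops at the blank line, so body text never matches.
    """
    names = [name.lower() for name, _ in message_from_string(raw_message).items()]
    if "from" not in names:
        return []
    first_from = names.index("from")
    return [i for i, n in enumerate(names) if n == "received" and i > first_from]


# Constructed sample: normal ordering, Received: added above From: in transit.
NORMAL = (
    "From sender@example.com Wed Nov  5 08:13:00 1997\n"
    "Received: from mx.example.net (mx.example.net [192.0.2.1])\n"
    "\tby mail.example.org; Wed, 5 Nov 1997 08:13:00 -0600\n"
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: hello\n"
    "\n"
    "Received: this line is body text\n"
)

# Constructed sample: a Received: field below From:, with a folded continuation.
SUSPECT = (
    "Received: from relay.example.net by mail.example.org; Wed, 5 Nov 1997 01:00:00 -0600\n"
    "From: someone@example.com\n"
    "To: user@example.org\n"
    "Received: from host.example.com\n"
    "\tfrom: not a header, only a folded continuation\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    # Exit status 0 means "condition matched" to a shell or procmail caller.
    sys.exit(0 if received_after_from(sys.stdin.read()) else 1)
```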