| I think it would be handy to remove all Received: headers that come
| after a From: header. These seem to me to be universally forged for
| spammers. On the spam forwarding list, perhaps 60% of the messages for
| the past several days had received: headers forged in this manner.
|
| [ various recipes snipped ]
Huh? Both of you guys would pick off all mail containing both From:
and Received: headers, I think, and that's most mail. The request
was for Received: *after* From: (which, while it doesn't indicate spam
specifically, generally shows up in mail sent originally without
From: and which has had that header added later using the envelope).
I think you want something like:
:0
* ^From:.*^+Received:
{ ACTION }
(does that work as written though?)
Assuming it does, it would apply ACTION to any mail that has a Received:
on the next line after a From: What he asked seems to be to remove (from
each mail) any Received: that appears anywhere after a From:
However, the above recipe would probably catch a lot of spam.