Edward S. Marshall wrote:
a) and b): a little formail magic:
FROMDOMAIN=`formail -rzxTo: | sed -e 's/.*@//'`
[...deletia...]
The solution to c) above required a bit of work...
This reply is somewhat late, but another, more recent thread
("empty message id") here gives me an idea. Rather than do a
domain lookup on FROMDOMAIN, how about looking for FROMDOMAIN
in the "Message-ID:" header? Something like...
FROMDOMAIN=`formail -rzxTo: | sed -e 's/.*@//'`
:0 :baddomain.lock
*$! ^Message-ID:.*@*$FROMDOMAIN
suspected.spam.file
Because mailing lists tend to be unique, I'd put this check
after processing mailing list mail. I suppose that an
additional "Message-ID" header could be forged, but there
would then be two matches on "^Message-ID", and counting
could be used to boot messages with more than one such line.
There is another option, i.e. also check the "Received: from"
header(s). But it might run into problems receiving email from
people on virtual domains...
FROMDOMAIN=`formail -rzxTo: | sed -e 's/.*@//'`
:0
*$ ^Message-ID:.*@*$FROMDOMAIN
*$ ^Received:.from.*$FROMDOMAIN
$DEFAULT
:0 :baddomain.lock
suspected.spam.file
Hopefully this will be a better idea than my
"multiple-Received headers" algorithm<g>. I do want comments,
positive or negative, before I go ahead. This group has been
valuable to me even if only telling me what *NOT* to do<g>.
--
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>
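
The checks sketched in the message above (sender domain compared against "Message-ID:" and "Received: from", plus a count of "Message-ID:" lines), as an added Python example that is not part of the original post. It assumes Reply-To, else From, stands in for `formail -rzxTo:`, treats subdomains as matching, and runs on constructed sample messages, including a virtual-domain sender that gets flagged although it is legitimate.

```python
import email
from email.utils import parseaddr

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().strip("[]()<>;")
    return host == domain or host.endswith("." + domain)

def check_sender_domain(raw):
    """Return the reasons a message looks suspect (empty list = pass)."""
    msg = email.message_from_string(raw)
    # Assumption: Reply-To, else From, approximates `formail -rzxTo:`.
    sender = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if not domain:
        return ["no sender domain"]
    reasons = []
    ids = msg.get_all("Message-ID", [])
    if len(ids) != 1:
        # A forged extra Message-ID shows up as a count other than one.
        reasons.append("expected 1 Message-ID, found %d" % len(ids))
    elif not in_domain(ids[0].strip().rpartition("@")[2], domain):
        reasons.append("Message-ID domain differs from sender domain")
    # First word after "from" in each Received header is the claimed host.
    hosts = [r.split()[1] for r in msg.get_all("Received", [])
             if r.lower().startswith("from ") and len(r.split()) > 1]
    if not any(in_domain(h, domain) for h in hosts):
        reasons.append("no Received: from host in sender domain")
    return reasons

def make(sender, msgids, received_host):
    """Build a constructed sample message (all values are made up)."""
    lines = ["Received: from %s by mx.example.net; Mon, 1 Jan 2001 00:00:00 -0500"
             % received_host, "From: " + sender]
    lines += ["Message-ID: <%s>" % m for m in msgids]
    return "\n".join(lines + ["Subject: test", "", "body", ""])

GOOD = make("Alice <alice@example.com>", ["1234@mail.example.com"], "mail.example.com")
FORGED = make("bob@example.org", ["99@bulk.invalid"], "relay.bulk.invalid")
DOUBLE = make("alice@example.com", ["1@example.com", "2@bulk.invalid"], "mail.example.com")
# Virtual domain: mail really sent through the ISP's host, so both checks fail.
VIRTUAL = make("carol@vanity.example", ["7@smtp.isp.example"], "smtp.isp.example")

if __name__ == "__main__":
    for name, raw in [("good", GOOD), ("forged", FORGED),
                      ("double", DOUBLE), ("virtual", VIRTUAL)]:
        print(name, check_sender_domain(raw))
```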