On Fri, 16 Jan 1998, Walter Dnes wrote:
Because mailing lists tend to be unique, I'd put this check
after processing mailing list mail. I suppose that an
additional "Message-ID" header could be forged, but there
would then be two matches on "^Message-ID", and counting
could be used to boot messages with more than one such line.
Many legitimate mails have a domain portion of the msgid entirely
different from the sender's domain for various reasons. And forging the
msgid does not normally mean there would be two msgids. (This mail is a
poor-quality 'forgery' that I use for a special purpose, done with
procmail.) And even this mailing list retains the sender's original
message-id.
FROMDOMAIN=`formail -rzxTo: | sed -e 's/.*@//'`
Here formail might not always get the field you expect, for a variety of
reasons. You might want to narrow the scope to the specific field you
want. Extra formail call required, though.
# The From_ or postmark, the top line in a mail:
FROMDOMAIN=`formail -X'From '|formail -zrxto|sed s/.*@//`
or
# The "From:" domain:
FROMDOMAIN=`formail -X'From:'|formail -zrxto|sed s/.*@//`
Further musings: I think one could strip the domain in any line containing
an address by piping to two sed calls. |sed s/.*@//|sed s/'[ >,].*'//
I don't know which would be easier on the system. Maybe there is a better
way to do that with sed than what I have so far.
There is another option, i.e. also check the "Received: from"
header(s). But it might run into problems receiving email from
people on virtual domains...
FROMDOMAIN=`formail -rzxTo: | sed -e 's/.*@//'`
:0
*$ ^Message-ID:.*@.*$FROMDOMAIN
*$ ^Received:.from.*$FROMDOMAIN
$DEFAULT
:0 :baddomain.lock
suspected.spam.file
Hopefully this will be a better idea than my
"multiple-Received headers" algorithm<g>. I do want comments,
positive or negative, before I go ahead. This group has been
valuable to me even if only telling me what *NOT* to do<g>.
--
Walter Dnes (Toronto)
<waltdnes(_at_)interlog(_dot_)com>
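
An added example, not part of the original thread: the two checks discussed above (counting "Message-ID" header lines, and comparing the Message-ID domain with the "From:" domain using the two-step sed strip) run over constructed sample messages with plain awk/grep/sed instead of formail. The function names, the sample messages and the subdomain-suffix rule are assumptions made for this illustration.

```shell
# Constructed sample messages (not from the thread); a blank line ends the header.
sample_match()  { printf '%s\n' 'From: Alice <alice@example.org>' \
    'Message-ID: <1@mail.example.org>' '' 'Message-ID: <x@body.invalid>'; }
sample_relay()  { printf '%s\n' 'From: bob@example.net (Bob)' \
    'Message-ID:' ' <2@smtp.example.com>' '' 'hi'; }
sample_double() { printf '%s\n' 'From: carol@example.org' \
    'Message-ID: <3@example.org>' 'Message-ID: <4@example.org>' '' 'x'; }

# Print the header only, with folded continuation lines joined, so that
# body text that looks like a header is never counted or parsed.
header_block() {
    awk '/^$/ { exit }
         /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (buf != "") print buf }'
}

# $1 = field name; prints how many times it occurs in the header.
count_field() { header_block | grep -ci "^$1:" || true; }

# $1 = field name; prints the lowercased domain of the first such field
# that holds an address: strip up to the last "@", then from " ", ">" or ",".
field_domain() {
    header_block | grep -i "^$1:.*@" | head -n 1 |
        sed -e 's/.*@//' -e 's/[ >,].*//' | tr 'A-Z' 'a-z'
}

# Reads one message on stdin and prints a verdict. A Message-ID host under
# the From: domain counts as a match (assumed rule for this example).
classify() {
    msg=$(cat)
    n=$(printf '%s\n' "$msg" | count_field Message-ID)
    from=$(printf '%s\n' "$msg" | field_domain From)
    mid=$(printf '%s\n' "$msg" | field_domain Message-ID)
    if [ "$n" -gt 1 ]; then echo "multiple-msgid"
    elif [ -z "$from" ] || [ -z "$mid" ]; then echo "unparsed"
    elif [ "$mid" = "$from" ]; then echo "match"
    else case "$mid" in *."$from") echo "match" ;; *) echo "mismatch" ;; esac
    fi
}

for s in sample_match sample_relay sample_double; do
    printf '%s: %s\n' "$s" "$($s | classify)"
done
```

The sample_relay message is an ordinary mail submitted through another provider's server, so a "mismatch" verdict on its own is a weak signal, as the reply above points out.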