procmail
[Top] [All Lists]

Re: Counting headers?

1998-03-10 13:44:23
YBrad Knowles wrote:
On Tue, Mar 10, 1998 at 09:49:48AM -0600, Andrew wrote:

What I'd like to do is come up with a recipe that'll detect these.  I.e.
count the number of received headers and if there's only one, dump it.  If
there's more than one, check to see which ones are just passing through my
local mail servers, and if none remain after eliminating those, dump it.

    Bad idea.  There are plenty of systems out there that will
strip "Received:" headers for mail that passes through them,
most of them in a misguided attempt to provide security (through
obscurity).

    Also, if the mail message originates on a remote machine
that is capable of directly connecting to your primary MX (and
does so), then you'd *legitimately* have only two "Received:"
headers.


    Now, if you could find some other signature of RFMS that you
could filter on, that sounds like a winner.


As you suggest, there are additional signatures which enables the type of
filtering which Andrew requested. Those are that:

1) The source of the message is a dial-up server. Identification of these
   is not certain from their names, but the (vast?) majority of them are found
   to be named with specific and filterable patterns.
2) Since the messages arrived through a system which does not generate
   message-ids, they have been given a local message-id (assuming sendmail or
   a work-alike).

There are other patterns, as well, to be seen in default settings of Rapid
Fire. These include lack of To and From headers, and, due to the lack of a
From header or other sender indication, lack of a Return-Path header. These,
however, seem to be only default conditions and are over-ridden by some
users.

The pity is that many of us are doing this after the message has been accepted
by our ISP. It would much nicer if it could be easily handled by sendmail.
(Perhaps it can -- I don't do sendmail.)


-- 
Rik Kabel          Old enough to be an adult              
rik(_at_)netcom(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>