Christopher Lindsey writes:
:0
* ^Comments:.*authenticated\ sender\ is
* ^()\/(Comments:.*authenticated\ sender|X-PMFLAGS)
* !^X-Mailer:.*Pegasus
* !^Resent-To:
/dev/null
Don't forget to add
* !^Return-Path:.*owner-
in case the message is resent via a mailing list.
:0
* ^Message-ID.*<>
/dev/null
# This will allegedly trap invalid message ID's
:0
* !^Message-Id:[\t ]+<("[^"]+"|[^ <>@]+)@[^<>]*>$
/dev/null
You can probably combine these two recipes into a single one. Ron posted
a much better one that checks just about every aspect of RFC compliance
a while back. You can see it at
http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/1998-03/msg00268.html
Philip Guenther posted a very complete regexp back in March. Grep the
archive for the "bad message id's" thread.
Otherwise, you'll be filtering some valid mail too (although \t doesn't equal
a
tab, so you need to make that an actual tab character for this to work).
Filtering bad (non-RFC compliant) Message-Id:'s to /dev/null is a very
bad idea. I am using Philip's regexp for test purposes, and it is catching
legit mail every once in a while.
I also tried the MessageID ruleset from the latest sendmail beta for a
while (it rejects anything not in the format "< something @ something >"),
and not even this extremely simplistic format is adhered to by some MUAs.
The rules caught incomimg Message-Id:'s with "<@host.domain.com>". The sender
was in the domain of one of the "TOP 5 PC makers", btw ...