procmail
[Top] [All Lists]

Re: Walking down the chain of "Received: from" headers

1999-07-12 07:31:57
On Mon, 12 Jul 1999 08:47:51 -0500, Philip Guenther 
<guenther(_at_)gac(_dot_)edu>
wrote:
waltdnes(_at_)interlog(_dot_)com (Walter Dnes) writes:
Are there any instances where a message wouldn't begin
with something like "From foo(_at_)bar" in the first line?  If
so, your concern would be valid.  My filters are intended
for use with sendmail and/or Exim if it makes any
difference.
The above regexp will skip exactly one line before trying to match
"rest_of_regexp".  When there's a "From " line, Received: headers will
usually start on the third line ("From ", Return-Path:, Received:,
Received:, ...).  Perhaps you meant to write:
     * ^^(.*$)+rest_of_regexp

The "third line rule" only holds on sites which insert Return-Path:
which is by no means universal (although encouraged by recent
standards). I believe there are also systems which don't automatically
add a From_ line (MH systems shouldn't need one) but I've never seen
one. 

As long as matching before \/ is stingy, you should be safe in
assuming that ^^(.*$)*\/Received.* will match the first Received:
header.

However, I don't think there is any guarantee that Received: headers
will not be mixed with other headers, so you should perhaps change
your regex to allow, say, a spurious Message-Id between Received:
headers (in and of itself often a signature of spam, but not nearly
always).

/* era */

-- 
 Too much to say to fit into this .signature anyway: <http://www.iki.fi/era/>
  Fight spam in Europe: <http://www.euro.cauce.org/> * Sign the EU petition