:0:
* !
^From:(_dot_)+(_at_)*test(_dot_)com|(_dot_)+(_at_)*test1(_dot_)com|(_dot_)+(_at_)mail(_dot_)test(_dot_)com|MAILER-DAEMON
* ! ^(To:|CC:)(_dot_)+(_at_)test(_dot_)com|\
(_dot_)+(_at_)test1(_dot_)com|\
(_dot_)*(_at_)OpenLDAP(_dot_)org|\
(_dot_)*(_at_)postgresql(_dot_)org|\
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
Let's look at that first pattern line.
* !
^From:(_dot_)+(_at_)*test(_dot_)com|(_dot_)+(_at_)*test1(_dot_)com|(_dot_)+(_at_)mail(_dot_)test(_dot_)com|MAILER-DAEMON
This means: "If the line does NOT contain any of the following:
1. a line that starts with "From:", followed by at least one
character, followed by zero or more '@', followed by
"test" followed by any character, followed by "com";
2. a line that contains at least one character, followed by zero or
more '@', followed by "test1", then any character, then "com"
(this line need NOT contain "From:" at the beginning of the line);
3. a line containing at least 1 character, followed by '@mail'
followed by any character, followed by 'test' followed by any
character followed by 'com' (this line needn't contain "From:"
either) ;
4. a line containing the string 'MAILER-DAEMON' anywhere on it.
" etc.
I *think* what you want is more like:
:0:
* ! ^FROM_MAILER
* ! ^From:.*@(test\.com|test1\.com|mail\.test\.com)
* ! ^TO_.*@(test\.com|test1\.com|openldap\.org|postgresql.org)
* ! ^TO_procmail(_at_)lists(_dot_)rwth-aachen(_dot_)de
/spam/directory/here/
I didn't know that the '.' was not taken literally. I left the '*' in
the @*test.com because certain people use their linux boxes as their
smtp server. Else, (I thought) that the rule would reject a From:
prompt with something like @goku.test1.com.
What about the CC:? Would it be something like this:
* ! ^(TO_|CC_).*@(test\.com|test1\.com|openldap\.org|postgresql\.org)
This rule appears to be working great & it's stopping about 90% of the
incoming mail. Now I know that you can't block all the SPAM, but a few
emails are getting through that shouldn't be. Here are the mail headers
for 2 of several that got through:
Date: Thu, 04 Jan 2001 06:21:37 -0500
From: tazz101(_at_)earthlink(_dot_)net
To: undisclosed-recipients: ;
Subject: Buffalo Bills
Is there a "Received:" header that contains "test1.com" or
"test1-com"? (or "contest.com"?)
What does the Return-Path: say?
Here are the full headers. I don't see any reason why it should have
failed, but I'll try implementing the revised rules that you provided to
see what it does.
Return-Path: <tazz101(_at_)earthlink(_dot_)net>
Received: from snipe.prod.itd.earthlink.net
(snipe.prod.itd.earthlink.net
[207.217.120.62])
by mail.test.com (8.9.3/8.9.3) with ESMTP id FAA22794
for <cam(_at_)Test1(_dot_)com>; Thu, 4 Jan 2001 05:35:58 -0500
From: tazz101(_at_)earthlink(_dot_)net
Received: from earthlink.net (pool-63.49.172.20.troy.grid.net
[63.49.172.20])
by snipe.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id
CAA23406;
Thu, 4 Jan 2001 02:34:58 -0800 (PST)
Message-ID: <3A5451D0(_dot_)2B8B57E5(_at_)earthlink(_dot_)net>
Date: Thu, 04 Jan 2001 05:34:56 -0500
X-Mailer: Mozilla 4.76 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
Subject: No Joke
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: undisclosed-recipients:;
Finally, try doing this:
LOGFILE=/path/to/some/global/lockfile
VERBOSE=yes
in .procmailrc in a test account to see which recipe/test is doing
other than what you expect.
I already had a log file. I was watching it to make sue that I didn't
break any of the proc rules. But that Verbose is even better!
-Rob
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail