A couple of false positives too:
From: Gamespot Weekly Specials
<3(_dot_)295(_dot_)a0-_-iq__5qNNjgw9RR(_dot_)1(_at_)newsletter(_dot_)online(_dot_)com>
From: Account Link FYIs &
Deals<Account_Link_FYIs_&_Deals_Customer_Service(_at_)pnc(_dot_)com>
ridiculous emails I know but still false positive.
Eric
At 10:25 AM 11/30/2001 -0500, Eric Krichbaum wrote:
I stuck this one in and it's not catching them all. Specifically, it missed:
From: "david basagic" <_dbasagic(_at_)mountain(_dot_)net>
From: "Don Land" <_dwl(_at_)access(_dot_)mountain(_dot_)net>
but I'm not seeing why? They both include the <_yadda@ pattern.
Any help, please?
Eric
At 10:04 PM 11/29/2001 -0600, David W. Tamkin wrote:
linux(_at_)usermail(_dot_)com asked,
| I was to block all mail with the From field that starts
| with a _. This is so I can capture BadTrans without looking through
| the body. I saw this somewhere:
|
| # Stupid BadTrans virus
| :0:
| * ^From: . \<_.*\>$
| /var/log/Badtrans
|
| :0:
| * ^From: _. \(. \)$
| /var/log/Badtrans
|
| I placed this in /etc/procmailrc and tested but it still is not
| capturing. Can I get some input?
They're both flawed. The first requires that there be a space after the
colon, followed by one non-word character, and then the underscore; the rest
of the line can hold anything but it must end in another non-word character.
The second demands the underscore next to the colon, one character that
could be anything, a space, a literal left parenthesis, one more character
that could be anything, another space, and a literal right parenthesis that
ends the line there.
I think that what we have there was written by someone who (a) doesn't
understand the difference between "." and ".*" in regexps, (b) thinks that
all From: lines will always be of the form
From:address (name)
or
From: name <address>
without being aware of
From: address
nor
From: <address>
(c) believes that angle brackets are magic if unescaped and need to be
escaped to be taken literally, and (d) doesn't grasp ORing with the pipe
symbol [not that (c) or (d) would matter if it weren't for misconception
(b)].
Try something like this:
:0: # the brackets enclose caret, space, tab
* ^From:(.*\<)?_[^ ]*@
/var/log/Badtrans
It's not perfect, but after all that's one of the reasons you're spooling
matching messages off to another folder instead of cockily deleting them.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
Eric Krichbaum, MCSE NT4, MCSE Windows 2000, ASE, CCNA, CNA, A+, Net+,
iNet+, CIW
For tech support contact 877-877-1136 x 4
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
Eric Krichbaum, MCSE NT4, MCSE Windows 2000, ASE, CCNA, CNA, A+, Net+,
iNet+, CIW
For tech support contact 877-877-1136 x 4
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail