procmail

Re: Local domain forgery detection?

2002-08-28 10:59:44

Dallman, thanks for the tips!

On Wed, Aug 28, 2002 at 06:02:43AM -0400, dman(_at_)nomotek(_dot_)com wrote:

 COUNTReceived=`sed '/^$/q' | grep -c '^Received:'`
...
If you really want to count the Received: lines, how about:

      :0
      * 1^1 ^Received:
      { countRCVD = $= }

Thanks!  The existence of that variable wasn't very obvious in the man
pages; it's in procmailsc(5) but only in BUGS in procmailrc(5).  :)

 * COUNTReceived ?? ^1$

Perhaps you meant the more canonical

   * COUNTReceived ?? ^^1^^

Is one format superior to the other?  I don't see the difference,
unless perhaps the ^^ form gets parsed faster.  Is it significant,
or just an equivalent alternative?

I understand that you're quitting if the only Received: line is
local and appears valid; but this seems a cumbersome method.
I'll leave it, for now, though, with only this comment: it
seems like a lot of work used on every mail merely to save
us from a small-likelihood possible spoof case.  (If we're
going to look so hard for spoofs, we might as well ID them
as such right away, too, btw.  Anyway, this kind of reminds me of
a doctor who'd do a blood check for smallpox vaccinations before 
dispensing aspirin for the flu.)  :-)

My thought was to take a little time to identify local mail so as to
avoid wasting time doing the rest of the analysis on those messages.
In other words, not bothering to do a smallpox vaccination if the patient
comes in with a nail through the hand.  But all things considered, the
extra effort to *check* for that nail probably isn't warranted, given
the frequency with which that occurs.

 :0  # if it's local mail (including via our mailhost), deliver it
 * $ $INFINITY^0 ^Received:.*\<myispname.com \[566\.684\.
 * $         2^0 ^Message-ID:[$WS]*<[^$WS]+@localhost>$
 *          -1^2 ^Received:
 $DEFAULT

This counts the Received: headers at the same time that it's
conducting the reasonable secure test of a valid Received: line.
If there are too many, it won't consider the mail local.

But if you need to do that count more than once, isn't it faster to use
a result stored in a variable?  So for sendmail, maybe something like:

 # Domain part of this host's FQDN: strip the first label (the same result
 # as removing "`hostname -s`." from it).  A procmail assignment takes a
 # backquoted command, not a leading "|".
 MYDOMAIN=`hostname | sed 's/^[^.]*\.//'`

 # $WS is assumed to hold a space and a tab, as in the recipe quoted above.
 # And per RFC2822 sections 3.6.4 and 3.2.4 (atext, which includes "&"):
 ATEXT="a-z0-9!#\$%&\'\*\+/=?^_\`{|}~.-"

 # Local mail: Message-ID in our domain, and exactly one Received: header
 # showing sendmail's local submission form "(from user@localhost) by host".
 # Weights: one local hop scores 2 - 1 = 1; a second Received: header makes
 # the total 0 or less and the recipe does not fire.
 :0
 * $ ^Message-ID:[$WS]*<[$ATEXT]+@(localhost|([a-z0-9]+\.)*$MYDOMAIN)>$
 * $ 2^0 ^Received: \(from [a-z0-9_.-]+@localhost\) by ([a-z0-9]+\.)*$MYDOMAIN
 * -1^1 ^Received:
 $DEFAULT

 # Otherwise tag a Message-ID that is not of the form <atext@atext>.
 # "fhw" makes this a header filter instead of a delivering pipe.
 :0 Efhw
 *      ^Message-ID:[$WS]*\/.+
 * !$   ^Message-ID:[$WS]*<[$ATEXT]+@[$ATEXT]+>$
 | formail -A "X-Spam: invalid Message-ID: '$MATCH'"

 MYDOMAIN=`hostname`

Perhaps $HOST already works without forking a shell.  Try it; I'm not sure.
Or in any case, I'd probably just hardcode the name in to stop an extra
process on every piece of mail.

HOST shows the hostname, but not the domain name.  I have a procmail
recipe list which gets used in multiple locations which includes:

 :0
 * ! MYDOMAIN ?? .+
 {
  MYDOMAIN=`hostname`

  :0
  * MYDOMAIN ?? [a-z]+[a-z0-9]+\.\/[a-z]+[a-z0-9]+\.(com|net|org|biz|info)(\.([a-z][a-z]))?$
  { MYDOMAIN=$MATCH }

  :0 E
  * MYDOMAIN ?? [a-z]+[a-z0-9]+\.\/[a-z]+[a-z0-9]+(\.(bc|ab|sk|mb|on|qc|pe|ns|nf))?\.ca$
  { MYDOMAIN=$MATCH }

  :0
  * ! MYDOMAIN ?? [a-z0-9][a-z0-9-]+\.[a-z]+
  {
   LOG="   ERROR: can't determine domain name from ${DQ}${MYDOMAIN}${DQ}${NL}"

   MYDOMAIN=""
  }

  :0 E
  * MYDOMAIN ?? [a-z0-9][a-z0-9-]+\.[a-z]+
  { LOG="  NOTICE: MYDOMAIN calculated as ${DQ}${MYDOMAIN}${DQ}; you should set this in your procmailrc.${NL}" }
 }

Okay. :)  Here's my "ATCOUNT" thingee:

Cool!  Thanks!  But...

        :0  # add the subtotals, subtract 4 "gimmes"
            * $ $=^0
            * -4^0
          { TOO_MANY = $ATCOUNT }

Is the TOO_MANY variable actually useful for anything?  Aren't
cases where there are more than two CC recipients *really* common?

My format checking is simpler, though it doesn't do as much:

 SPC="[ ^I]"   # a space or a tab (^I stands for the tab character here)
 :0 fhw
 * $ ^(To|CC|From):${SPC}*\/(@.*|("[^"]*")?${SPC}*@|[^"]*@[^"]*@.+|.*[_.].*[_.].*@.+|@[^a-z0-9]+)$
 | formail -A "X-spam: invalid address: '$MATCH'"

It too is imperfect, but I poke at it occasionally when my caffeine
levels are high enough.

-- 
  Paul Chvostek                                      <paul(_at_)it(_dot_)ca>
  Operations / Abuse / Whatever                          +1 416 598-0000
  it.canada - hosting and development                  http://www.it.ca/
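
Added example, not from the thread and not procmail code: the checks the recipes above combine, namely counting Received: headers, validating a Message-ID against the RFC 2822 atext set, and scoring "local mail" with procmail's weighted-condition arithmetic (2^0 for the local submission line, -1^1 per Received:), written as plain Python so the arithmetic can be run over sample headers. The sample headers, example.net as MYDOMAIN, the host names and queue ids are all constructed for the example.

```python
import re

# RFC 2822 section 3.2.4 atext, written as the body of a regex character class.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
DOT_ATOM = rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*"
# Section 3.6.4: msg-id = "<" id-left "@" id-right ">"; id-right limited to dot-atom here.
MSGID_RE = re.compile(rf"^<({DOT_ATOM})@({DOT_ATOM})>$")


def parse_headers(raw):
    """Return [(name, value)] for the header block, unfolding continuation lines.
    Like ``sed '/^$/q'`` in the thread, reading stops at the first blank line."""
    block = raw.split("\n\n", 1)[0]
    headers = []
    for line in block.split("\n"):
        if line[:1] in (" ", "\t") and headers:          # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers


def count_received(headers):
    """What ``* 1^1 ^Received:`` leaves in $=: one point per Received: header."""
    return sum(1 for name, _ in headers if name == "received")


def message_id_parts(headers):
    """(id_left, id_right) of a well-formed Message-ID, or None if absent or malformed."""
    for name, value in headers:
        if name == "message-id":
            m = MSGID_RE.match(value)
            return (m.group(1), m.group(2).lower()) if m else None
    return None


def in_domain(host, mydomain):
    """True for localhost, MYDOMAIN itself, or any host below it."""
    return host == "localhost" or host == mydomain or host.endswith("." + mydomain)


def local_score(headers, mydomain):
    """Procmail-style weighted score for "this is locally submitted mail".
    None: the unweighted Message-ID condition failed, so the recipe aborts.
    +2 (2^0) once if some Received: header has sendmail's local form
    "(from user@localhost) by <host in MYDOMAIN>"; -1 (-1^1) per Received:
    header.  Only a single local hop leaves the total positive."""
    parts = message_id_parts(headers)
    if parts is None or not in_domain(parts[1], mydomain):
        return None
    local_rcvd = re.compile(
        r"^\(from [a-z0-9_.-]+@localhost\) by (?:[a-z0-9-]+\.)*"
        + re.escape(mydomain) + r"(?![\w.-])", re.IGNORECASE)
    received = [value for name, value in headers if name == "received"]
    score = 2 if any(local_rcvd.search(v) for v in received) else 0
    return score - len(received)


def is_local_mail(headers, mydomain):
    score = local_score(headers, mydomain)
    return score is not None and score > 0


# Constructed sample headers (hosts, ids and the domain are made up for this example).
MYDOMAIN = "example.net"
GENUINE = (
    "Received: (from paul@localhost) by mail.example.net (8.11.6/8.11.6) id g7SEsDf12345\n"
    "\tfor <ops@example.net>; Wed, 28 Aug 2002 10:54:13 -0400\n"
    "Message-ID: <200208281454.g7SEsDf12345@mail.example.net>\n\nbody\n")
FORGED = (  # local-looking Message-ID, but the only hop came from outside
    "Received: from dialup7.isp.example (dialup7.isp.example [198.51.100.7])\n"
    "\tby mail.example.net (8.11.6/8.11.6) with ESMTP id g7SEsDf12346\n"
    "Message-ID: <1030545301.forged@mail.example.net>\n\nbody\n")
RELAYED = (  # genuine local submission, but relayed once more: two Received: headers
    "Received: from mail.example.net (mail.example.net [192.0.2.25])\n"
    "\tby mx.example.net (8.11.6/8.11.6) with ESMTP id g7SExyz12347\n"
    "Received: (from paul@localhost) by mail.example.net (8.11.6/8.11.6) id g7SExyz12346\n"
    "Message-ID: <200208281459.g7SExyz12346@mail.example.net>\n\nbody\n")
BAD_MSGID = ("Received: (from paul@localhost) by mail.example.net id g7SEq\n"
             "Message-ID: <forged id@example.net>\n\nbody\n")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("forged", FORGED),
                       ("relayed", RELAYED), ("bad msgid", BAD_MSGID)]:
        hdrs = parse_headers(raw)
        print(label, count_received(hdrs), message_id_parts(hdrs),
              local_score(hdrs, MYDOMAIN), is_local_mail(hdrs, MYDOMAIN))
```

The relayed sample shows why the weights matter: the local submission line is present, but the second Received: header brings the score to 0, so the message is not treated as local. Dallman's variant with an $INFINITY bonus for the mailhost's own Received: line is what would accept that extra hop.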

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail