procmail

Re: restricted form

2003-01-31 11:36:05
On Fri, 31 Jan 2003, Professional Software Engineering wrote:

> Message-ID: <001500a6ca86$cbb12711$16861307(_at_)jrgqa(_dot_)va>
>
> hostname portion = 5.2.  Not within the spec which fleet provided (the
> procmail regexp which I constructed was merely a translation of just as far
> as he was using in grep, plus the @ terminus - I didn't expand it to limit
> the hostname portion to the forms which fleet reported)

Ok.  I've dropped consideration of the host name entirely from my ongoing
analysis.  The patterns to the left of the "@" seem to be more important.
So far I have identified two that appear to be used only by spammers:

nnncnncnncnc$nnnncncn$nccnnccn
nnnnnncnccnn$cccnnnnn$nnnnnnnn

where "n" = number (digit) and "c" = character (letter).

The patterns appear to be consistent over time - i.e., the pattern on top I
identified this morning - in checking against my personal mail archives,
it picked out a spam in a folder I had forgotten about. The message was
dated 24 August 2002.

This latest pattern, to date (only a couple of appearances) appears only
with a single "host" - "@afkqelt" for example.

The upper case ID: seems to be pretty common (even occurring on the
Message-ID from panix.com).

Sean, the "repetition" thing works well.  I was going crazy trying to get
it to work until I discovered that my RH7.1 "grep" didn't support it; but
"egrep" did.

                                - fleet -
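
The n/c shape templates above can be turned mechanically into `egrep` interval expressions and anchored on the "@" terminus. The script below is an added example, not code from this thread: the function names are hypothetical, the sample headers are constructed, and matching `c` as `[A-Za-z]` is an assumption.

```shell
#!/bin/sh
# The two local-part shapes from the message (n = digit, c = letter).
SHAPE1='nnncnncnncnc$nnnncncn$nccnnccn'
SHAPE2='nnnnnncnccnn$cccnnnnn$nnnnnnnn'

# Translate a shape into an ERE: n -> [0-9], c -> [A-Za-z] (assumption),
# any other character (the "$") -> escaped literal; runs become {count}.
shape_to_ere() {
    printf '%s\n' "$1" | awk '{
        out = ""; len = length($0); i = 1
        while (i <= len) {
            ch = substr($0, i, 1); run = 1
            while (i + run <= len && substr($0, i + run, 1) == ch) run++
            if (ch == "n") cls = "[0-9]"
            else if (ch == "c") cls = "[A-Za-z]"
            else cls = "\\" ch
            if (run > 1) cls = cls "{" run "}"
            out = out cls
            i += run
        }
        print out
    }'
}

# Read headers on stdin; print Message-ID lines whose local part (between
# "<" and "@") has one of the given shapes. The host part is ignored.
flag_msgids() {
    alt=""
    for shape in "$@"; do
        alt="${alt:+$alt|}$(shape_to_ere "$shape")"
    done
    grep -E "^Message-I[Dd]:[[:space:]]*<($alt)@" || true
}

# Constructed sample headers: the first two fit SHAPE1 and SHAPE2; the third
# has the same $-delimited layout but a different shape; the fourth is plain.
sample_headers() {
    cat <<'EOF'
Message-ID: <123a45b67c8d$9012e3f4$5ab67cd8@host.example>
Message-Id: <204816a7bc39$def01234$56789012@mx.example.net>
Message-ID: <000501c2c93a$1a2b3c40$0200a8c0@desk.example.org>
Message-ID: <20030131113605.GA1234@mail.example.org>
EOF
}

sample_headers | flag_msgids "$SHAPE1" "$SHAPE2"
```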


