On 22 Apr, Kim Scarborough wrote:
| >
| > Doh! This is more simply done:
| >
| > OCTET='(0|[1-9][0-9]?|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))'
| >
| > :0
| > * 1073741824^1 ^Received:\/.*by (astro\.snellfamily\.com|\
| > jinx\.unknown\.nu)
| > * ! MATCH ?? from astro\.snellfamily\.com.*by jinx\.unknown\.nu
| > * $ MATCH ?? ()\[\/$OCTET\.$OCTET\.$OCTET\.$OCTET
| > { CHECKIP=$MATCH }
|
| Thanks to you and everyone else who helped. I've had this in place for a few
| weeks and it's been working great.
|
| One question: is there any significance to "1073741824", or is that just a
| miscellaneous high number?
It's 2147483647 / 2 then rounded up. The w^x syntax tells procmail it's
a scored condition. See man procmailsc. In this case procmail adds
1073741824 * 1 each time the condition matches. When the total score
of all scored conditions reaches 2147483647, procmail considers them
all a match and stops processing them. (Non-scored conditions are still
processed.) This number, 2147483647, is commonly called the supremum.
The infemum, -2147483647, works similarly, considering all scored
conditions to not match as soon as the total score reaches that number.
Half of the spuremum, 1073741824, was chosen so that procmail would stop
looking after finding 2 matching Received: headers. It could have been
any number between 1073741824 and 2147483647. It would probably work
with any positive number, but then procmail would continue scanning the
headers looking for a match it isn't likely to find. If it does find
it, it's forged and you don't want to consider it.
--
Email address in From: header is valid * but only for a couple of days *
This is my reluctant response to spammers' unrelenting address harvesting
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail