Here's what I just started using at the beginning of this month:
# 20030501/0809 SBS
# Hokey HTML commenting
#
:0
* < 25000
* -10^0
* 1^1 B ?? (<!--)
{
SPAMVAL="+175"
SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} Advisory - abundance of HTML
comments${NL}"
}
I allow for a few such comments, but not many. I don't honestly think you
should need to worry about maching them up with their closing construct.
If you're on lists which exchange HTML source code often, you may need to
make considerations (as comments are legitimatley inserted when discussing
code). Though I'm not on many lists doing HTML (and I despise HTML emails
in general, though included HTML _code_ is a different matter), the above
rule certainly hasn't yet hammered anything it shouldn't have.
I've noted a fair number of the spams have singleword comment fields, which
should match:
* ()<!--[ ]*[a-z0-9]+[ ]*-->
(I haven't used that, but if you do, it may need some tweaking).
If I were to implement such a filter, I'd jack up the score on the
single-word comments, since they're especially bogus in nature.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail