procmail

Re: Use scoring to determine header format?

2004-05-17 19:45:44
On Mon, 17 May 2004, Professional Software Engineering wrote:

At 16:44 2004-05-17 -0400, fleet(_at_)teachout(_dot_)org wrote:
I'm seeing spam messages that appear to be from one individual (or
perhaps one software) that have a specific header format as:

[header format snipped]

Matching the above as-is certainly doesn't mandate using scoring to achieve 
it.

I'm not sure what you're saying here.  I tried, without success:

* Received:
* Received:
* Received:
* Message-id:
* Received:

I've used the following recipe for a long time:

* ^(From|Date|Subject|Reply-To):(.*$)+Received:

This works; but doesn't restrict the matches with respect to number (of
course).  But now I'm confused about the '+'.  Here it seems to be
concatenation and not "one or more."

I should warn you that while this used to be pretty consistently spam, some
mailing lists, which insert headers, have a tendency to trip it.

I found my nemesis The Python Tutor list among those that insert header
material. :)

There's no RFC which declares that Received headers must appear before others.

And that answers my other question!  Thank you.

Back to scoring:

The following seems to work except for one problem:

:0
* -4^0
* 1^0 ^Received:(.*$)+Received:
* 1^0 ^Received:(.*$)+Received:
* 1^0 ^Received:(.*$)+Message-Id:
* 1^0 ^Message-Id:(.*$)+Received:
* 1^0 ^Received:
spamtest/gotcha

The problem is - How do I say in the last condition "Received: followed by
NOT Received"?  I tried * 1^0 ^Received:(.*$)+[^Received:], which didn't
work.  (I didn't think it would, but it was worth a try.) I'd like to get
this to work even if the recipe turns out to be useless.  I'll have
learned a bunch.

                                - fleet -


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
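
An added example, not part of the original message and not procmail code: a Python sketch of the header-order test discussed above, using the sequence from the message's `* Received:` list. It shows why `^Received:(.*$)+Received:` does not restrict how many lines lie between the two fields, and how "Received directly followed by a non-Received field" can be decided on parsed field names. Assumptions: procmail's `$` consumes the line end, so `\n` stands in for it; the sample headers and all function names are constructed for illustration.

```python
import re

# Constructed sample header block (not from the thread); the second Received
# field is folded onto a continuation line.
SAMPLE = (
    "Received: from a.example by mx.example; Mon, 17 May 2004 16:00:03 -0400\n"
    "Received: from b.example by a.example;\n"
    "\tMon, 17 May 2004 16:00:02 -0400\n"
    "Received: from c.example by b.example; Mon, 17 May 2004 16:00:01 -0400\n"
    "Message-Id: <constructed-1@c.example>\n"
    "Received: from d.example by c.example; Mon, 17 May 2004 16:00:00 -0400\n"
    "From: sender@d.example\n"
    "Subject: constructed sample\n"
)

# Python rendering of ^Received:(.*$)+Received: (assumption: "\n" plays the
# role of procmail's "$"). The group is "rest of line plus newline", and the
# "+" repeats that group one or more times, so any number of lines may
# separate the two Received fields.
LATER_RECEIVED = re.compile(r"^Received:(.*\n)+Received:", re.M | re.I)

def field_names(headers):
    """Header field names in order; folded continuation lines are skipped."""
    names = []
    for line in headers.splitlines():
        if line[:1] in (" ", "\t"):
            continue
        name, sep, _ = line.partition(":")
        if sep:
            names.append(name.strip().lower())
    return names

def has_run(names, run):
    """True if `run` occurs as consecutive header fields in `names`."""
    n = len(run)
    return any(names[i:i + n] == run for i in range(len(names) - n + 1))

def received_then_other(names):
    """Pairs where a Received field is directly followed by another field."""
    return [(a, b) for a, b in zip(names, names[1:])
            if a == "received" and b != "received"]

# Field order taken from the "* Received:" list in the message above.
SIGNATURE = ["received", "received", "received", "message-id", "received"]

if __name__ == "__main__":
    names = field_names(SAMPLE)
    print(names)
    print(has_run(names, SIGNATURE), received_then_other(names))
```
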