procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Use scoring to determine header format?

2004-05-18 08:30:29
from [fleet] [Permanent Link] 
On Mon, 17 May 2004, Professional Software Engineering wrote:


One condition line, no scoring:

:0
* ^Received:.*^Received:.*^Received:.*^Message-id:.*^Received:



Oh.

:0
*
^Received:(.*$)Received:(.*$)Received:(.*$)+Message-Id:(.*$)+Received:(.*$)+\
(Date:|Reply-To:|From:|To:|Subject:)
spamtest/gotcha

Again, this works for the first three Received: and Message-Id: lines, but
it continues to catch those with more than one Received: line *after* the
Message-Id.  Am I misunderstanding (.*$)?  I read it as "any number of any
character followed by a newline (or EOL)."

Removing the (.*$) as below works:

:0
* ^Received:.*^Received:.*^Received:.*^Message-Id:.*^Received:.*\
^(Date:|Reply-To:|From:|To:|Subject:)
spamtest/gotcha

(And, Dallman, I suspect your NOT_RCVD would work here also.  It didn't
work in the version with the (.*$); but apparently the NOT_RCVD wasn't the
problem.)

I see "patterns."  Don't know if it's just the way I am or my crytologic
training (or both); but I see patterns.

The "guy" I'm after is this fellow that always has the RCVD RCVD RCVD
MSGID RCVD pattern and a one-work Subject.

Subject: declare
Subject: bullfrog
Subject: jesuit
Subject: woven
Subject: torque
Subject: oral
Subject: western
Subject: irretrievable
Subject: emcee
Subject: competent

Turns out the above recipe catches others (spam) also.  Only turned up one
list message with bunches of Received: interspersed with other headers;
but that had the final five header lines as RRRMR. (Pardon the shorthand.)


In English:

         Three received lines in IMMEDIATE SUCCESSION (no intermediate
headers), then optionally other headers (the + following the third received
expression), then the Message-Id:, followed by optional intermediate
headers (again, the +), followed by another Received:

Lose the + expressions if you actually want the series to be consecutive
headers without intermediate fluff.


Should have reread this!  Explains my confusion above.  Sorry.  I see now
the "+" *IS* "one or more" and not concatenation. Sometimes I'm awful
slow; other times I'm just dense.

My next project is going after my "Dudley Q. Doright" guy:
like From: "Wheedles Q. Blunder"

Thanks for all the help - Everyone!

                                - fleet -


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mailbox type / Folders, Dave Stern - Former Rocket Scientist
Next by Date:  Re: Mailbox type / Folders, Kai Schaetzl
Previous by Thread:  Re: Use scoring to determine header format?, Professional Software Engineering
Next by Thread:  Re: Use scoring to determine header format?, Professional Software Engineering
Indexes:  [Date] [Thread] [Top] [All Lists]