procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Use scoring to determine header format?

2004-05-18 13:53:45
from [fleet] [Permanent Link] 
On Tue, 18 May 2004, Professional Software Engineering wrote:


  Am I misunderstanding (.*$)?  I read it as "any number of any
character followed by a newline (or EOL)."


The trailing ? on that expression means ZERO or ONE (i.e. "preceeding
expression is optional").


Sheesh!  No wonder we're having trouble communicating!  That '?' was
really intended to indicate a question! :)

And the *REAL* problem was that I was reading (.*$)+Received as:
"anything up to (and including) the EOL *PLUS* the next Received."  It
finally dawned on me that this "+" was, in fact, "one or more."  Once I
got *that* squared away in my mind, then all your have been saying started
to make sense!


I'd really recomment you pick up a good text on Regexps (keeping in mind
that not all implementationa and extensions are universally compatible, but
about 90% of regexp is quite standard across apps which use regexp).


I visit the grep man pages regularily and (frighteningly) they are
beginning to make sense too! :)


I see "patterns."  Don't know if it's just the way I am or my crytologic
training (or both); but I see patterns.


I see dead people.  Shhhhhh.


ROTFL!!!


The "guy" I'm after is this fellow that always has the RCVD RCVD RCVD
MSGID RCVD pattern and a one-work Subject.


Surely there are other characteristics.


Probably; but I don't know enough about headers and such to identify them.
This is a real problem for me.  If I knew more about faked domains, IPs,
etc. then I probably wouldn't be stuck trying to identify a cur by the
color of its fur or the shape of its tail.


The one-word subject itself could be a beneficial test:


I'm going to add the below to the recipe file as a comment.  Currently,
the recipe is identifying not only the ding-aling I was after; but a bunch
of others as well.  If I start getting too many false positives, I'll add
it.  The bit about the empty space before the EOL is something I hadn't
considered.


:0
* ^Subject:[    ]*[a-z]+[       ]*$


Thanks a million for your instructive assistance.

                                - fleet -


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: auto-verify PGP/MIME messages, Professional Software Engineering
Next by Date:  Re: Duplicates?, Marvin Pierce
Previous by Thread:  Re: Use scoring to determine header format?, Professional Software Engineering
Next by Thread:  Re: Use scoring to determine header format?, Professional Software Engineering
Indexes:  [Date] [Thread] [Top] [All Lists]