On Thu, 3 Jun 2004, Dallman Ross wrote:
No, Sean, Fleet doesn't mean the topmost Received. He means the bottommost.
For purposes of clarification, it's the Received: line that winds up in
the MATCH as a result of this recipe:
:0
* $ 1^1 ^Received:[ ]*\/from\>.+
*My* (leased) server is located in Dallas, TX. *I* am located in
Pennsylvania. I don't seem to be able to access the pop server that
handles the mail for my (and my clients') domains - so I assume that's on
a physically different machine.
I'm under the impression that if the sending party fails to provide any
information, the information in the Received field is provided by "my"
(mail)server - I may be confusing this with Message-Id.
I receive traffic from a few lists where the "bottom-most" Recieved line
is by my server (ie, by raq2.xxxx.com). (This is not really a problem,
since I snag list traffic before I start looking for spam.)
I also receive messages from individuals in organizations that apparently
have their own server and the "bottom-most" Received reflects "by
raq2.xxx.com" (which makes sense to me.) This is probably my single most
frequent "false positive" for this rule. Unfortunately, this rule tags
almost as much spam as all the rest of my rules put together.
I asked the question(s) because:
1. I need to know more about headers (and this line in particular). I'm
woefully ignorant in this area (as everyone has now discovered!) :)
2. I wanted to find out if there is a "procmail" way to identify when this
line is faked/forged.
3. I wanted to see if there was a way I could reduce (or eliminate) the
false positives.
Many of "you folks" tend to put $10 worth of info in a $1 sentence. I
sometimes have to stretch a little to understand things. Not a bad thing,
I suppose, but sometimes a little time consuming. :)
I hope the above cleared things up a little.
- fleet -
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail