At 17:10 2005-04-23 -0500, Gerald V. Livingston II wrote:
Will this:
* ! ^From.*\"James\".*\<\*\*\*\*\*\*\*(_dot_)*\(_at_)(_dot_)*\>
Catch this?
.From: "James" <*******************(_at_)mail(_dot_)sysmatrix(_dot_)net>
Gerald, surely you've heard of a sandbox by now? Using a sandbox, it's
quite easy to verify this sort of stuff.
I'll assumme the leading dot is a typo - surely you mean:
^From
FTR, the From.* bit will also attempt to match the From_ header (envelope),
which should NEVER have a quoted name portion (nor should the address
appear in brackets). As such, you may as well put the colon following the
From. I must wonder - is his ENVELOPE address really similarly munged?
This guy is going to have NO luck with mailing lists that don't permit
posts from anyone other than known s*bscribers.
Also, you're INVERTING the condition, so it's more like "will this NOT
catch this?"
The trailing \> on the regexp is wholly unnecessary - at a minimum, an EOL
marker would match.
A buddy of mine has apparently taken some dweeb's suggestion for spam
prevention by altering the "Email address" in his Outlook Express settings
to prevent people from automatically adding him to their address books.
dweeb indeed. Everybody attempting to so much as REPLY to this guy is
going to have trouble, so he can expect his legitimate contacts to drop
sharply too.
His actual address is jbishop at tejasph dot com. I don't have the
sysmatrix mail servers spam checking set rabid enough to insist on a valid
"From:" so the messages come through and the sysmatrix mail server tries to
guess at what to stick in there. The current spam scanner does insert this
header:
You mean, the domain portion of his email address is actually inserted
locally, and what he's actually using is a domain-less address? Same goes
for the envelope?
I have a procmail filter that checks to see if the From: address is at a
local domain and if so, whether the local MTA considers it a deliverable
address -- if not, trasholla. This deals with fscking spammers who
deliberatley forge their messages to be from your own domain.
Because he's using SMTP Auth to be able to send email through his server
and it puts a proper "Sender:" header in the delivery envelope. But I'm not
sure a similar header will be added to the final email when I shift the
server to SpamAssassin/PostFix.
This cluebie is going to be using YOUR mail servers?
To make sure I'm reading my own recipe correctly:
This: * ! ^From.*\"James\".*\<\*\*\*\*\*\*\*(_dot_)*\(_at_)(_dot_)*\>
says:
"From followed by one or more of any character followed by "James" followed
by one or maor of any character followed by < followed by at least 7 *'s
followed by one or more of any character followed by @ followed by one or
more of any character followed by >"
Er, no -- "\<" and "\>" are procmail regexp macros for wordbreaks. If you
want a literal < or >, then lose the escape. Also, if you're looking to
actually match this guy's messages, you need to eliminate the inversion
operatior: "!". Unless you're excerpting this from a recipe that filters
for junkmail and you're trying to NOT filter on messages which match his
curious anti-abuse address.
If you're going to match on his From address and you're not matching on the
explicit string in his messages, why not just match as:
* ^From:.*"James".*<\*+@(list-of-domains)>
Frankly, I'd just up the settings on the MTA to properly reject messages
bearing addresses of invalid syntax, and let him contend with the
bounces. Clue him in.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail