Ruud H.G. van Tol schreef:
Recipe set to match stock/pharma-gif-spam:
s = '[ ]' # a space and a tab
It has evolved somewhat:
b = '[ ]' # blank (space + tab)
v = '[0-9A-Za-z]'
v2 = "$v$v" v3 = "$v2$v"
v4 = "$v2$v2" v6 = "$v4$v2"
v8 = "$v4$v4" v12 = "$v8$v4"
#------------------------------------------------------------
:0
* ^^(From |Return-Path: <)[^ @]+(_at_)\/[^ >]+
{ DOMAIN = $MATCH }
:0
* 1^1 ^Received:
{ } N_RCVD = $=
:0
* ^Content-Type: multipart/related;.*\
boundary=(\")?\/[^\"]+
{ H_CTB = $MATCH }
:0
* ^Message-ID:.*\/[^ <@]+(_at_)[^>]+
{
H_MID = $MATCH
:0
* H_MID ?? ^^\/[^(_at_)]+
{ MID1 = $MATCH }
:0
* H_MID ?? @\/.+
{ MID2 = $MATCH }
}
#------------------------------------------------------------
:0
* N_RCVD ?? ^^(1|2)^^
*$ H_CTB ?? ^^----=_NextPart_000_${v4}_$v8\.$v8^^
*$ MID2 ?? ^^[^.]+^^|@$\DOMAIN^^
* ^MIME-Version: 1\.0\
^Content-Type: multipart/
*$ B ?? ^--$\H_CTB\
^Content-Type: image/gif;\
^$b+name=\"[^\"]+\.gif\"\
(^Content-Transfer-Encoding: base64)?\
^Content-ID: <\
($v12[$]$v8[$]$v8(_at_)$MID2\
|$v12[$]$v8[$]$v+(_at_)$v8\
|[^ >(_dot_)(_at_)]+\(_dot_)gif@$v8\.$v8\
)>$
.in.suspect/
#------------------------------------------------------------
:0
* N_RCVD ?? ^^(2|3)^^
*$ H_CTB ?? ^^$v+^^
*$ MID2 ?? $\DOMAIN^^
*$ ^From: [^\"<]+ <[^(_at_)]+@$\DOMAIN>$
*$ B ?? ^--$\H_CTB\
^Content-Type: image/gif;\
^$b+name=\"[^\"]+\.gif\"\
(^Content-Transfer-Encoding: base64)?\
^Content-ID: <$v+(_at_)$\DOMAIN>$
.in.suspect/
--
Groet, Ruud
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail