On Fri, Jan 05, 2007 at 10:25:41PM -0500, Jim Witte wrote:
How would I write a filter that would filter out messages
where part of the From field matches the beginning of the Subject
field? I've noticed a huge amount of spam in the following form:
> From: "<x> Madrid" <indication'scoarser(_at_)abs-cbn(_dot_)com>
> To: <jsylvest(_at_)indiana(_dot_)edu>
> Subject: <x> wrote:
I have a recipe set that does this, but it's too complex to
post here now. But an easy way is this:
:0:
* ^From:[ ]*["]\/[^ ]+
* $ ^Subject:[ ]*$MATCH ()
$spam
It makes more algorithmical sense to turn the logic around, though.
Look for a Subject with "<x> wrote:" and find the <x> and look for
it in the From:.
:0
* ^Subject:.*\/[^ ]+ wrote:$
* MATCH ?? ^^\/[^ ]+
* $ ^From:[ ]*["]$MATCH ()
$spam
That's so you only bother continuing to process messages that
are "promising" in regard to the spammer's particular signature.
In cases of all five brace sets above, there is always a space and
a tab where you see blank space.
However, I don't generally believe in writing recipes to deal
individually with one spammer's efforts. I get those spams too,
but I catch them via more general means.
Dallman
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail