I have a rule that tests for only 1 Received header. If there's only one
Received: line, then it makes sure it's from an internal machine IP before
short-circuiting the delivery:

:0H:
* ! ^Received: .*$+Received: \/.*
* ^Received:.*\(.*\[(10\.0|10\.99|127)\.
$DEFAULT

However, spammers figured out how to separate the Received headers (which are
normally listed together) with another header line like Date:

Received: from atlanticbb.net (72-28-238-080-dhcp.aik.sc.atlanticbb.net
[72.28.238.80])
by ....
Date: Wed, 12 Jan 2011 15:10:38 -0500
Received: from RONN (localhost [127.0.0.1])
by ......

Therefore I've replaced my rule with a counter mechanism:

## Count the number of Received Headers (hops)
MAXHOPS=1
:0H
* 1^1 ()(^Received:\ )
{ HOPS = $= }
##
:0H:
* $ ${HOPS}^0
* $ -${MAXHOPS}^0
* ^Received:.*\(.*\[(10\.0|10\.99|127)\.
$DEFAULT

I'm still fuzzy on how the scoring works. I'm sure I've messed up what ^0 and ^1
mean. If someone can straighten me out, I'd appreciate it.
-Eric Wood
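
The evasion described in this post, as an added Python example that is not part of the original message: it emulates the first recipe's adjacency test and compares it with counting every Received header wherever it sits. The sample messages, the host name mx.example.test (standing in for the elided "by ...." parts) and the function names are constructed for illustration.

```python
import re
from email.parser import HeaderParser

# Same internal-prefix test as the recipes in the post.
INTERNAL = re.compile(r"\(.*\[(10\.0|10\.99|127)\.")

# Constructed sample: two Received headers separated by Date:, as in the post.
SPLIT_HOPS = (
    "Received: from atlanticbb.net (72-28-238-080-dhcp.aik.sc.atlanticbb.net\n"
    " [72.28.238.80])\n"
    " by mx.example.test\n"
    "Date: Wed, 12 Jan 2011 15:10:38 -0500\n"
    "Received: from RONN (localhost [127.0.0.1])\n"
    " by mx.example.test\n"
    "Subject: constructed\n\nbody\n"
)

# Constructed sample: a single hop from an internal address.
SINGLE_INTERNAL = (
    "Received: from host (host.example.test [10.0.3.7])\n"
    " by mx.example.test\n"
    "Subject: constructed\n\nbody\n"
)

def unfolded_header(raw):
    """Header block with continuation lines joined (assumed matching view)."""
    return re.sub(r"\n[ \t]+", " ", raw.split("\n\n", 1)[0])

def adjacency_rule(raw):
    """Emulates the first recipe: no Received line directly followed by another."""
    head = unfolded_header(raw)
    adjacent = re.search(r"^Received: .*\n+Received: ", head, re.M)
    internal = re.search(r"^Received:.*" + INTERNAL.pattern, head, re.M)
    return adjacent is None and internal is not None

def received_hops(raw):
    """Every Received value, whatever other headers sit between them."""
    msg = HeaderParser().parsestr(raw)
    return [" ".join(v.split()) for v in msg.get_all("Received", [])]

def counting_rule(raw, max_hops=1):
    """Short-circuit only when the hop count is within max_hops."""
    hops = received_hops(raw)
    return 0 < len(hops) <= max_hops and any(INTERNAL.search(h) for h in hops)

if __name__ == "__main__":
    for name, raw in (("split", SPLIT_HOPS), ("single", SINGLE_INTERNAL)):
        print(name, len(received_hops(raw)), adjacency_rule(raw), counting_rule(raw))
```
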