A request for assistance from any regex guru’s.
I am trying to block/hold/identify the following FROM field in
header_checks:
“[email protected]” <[email protected]>
The sender is trying to spoof example.com in the Display Name part of the
FROM.
I am not concerned with:
"[email protected]" <[email protected]> or
<[email protected]>,
"[email protected]"
as I have a strict_client_domain setup for example.com which works fine.
I am a bit fuzzy on lookahead/lookbehind regexes if that is what is needed.
So if the FROM address matches "@example.com.*<"
BUT does not have a "<.*@example.com"
I want a regex to flag it.
Possible? Thanks for your considerations.
