On 2/6/2017 3:23 PM, Istvan Prosinger wrote: > Hi All, and Happy New Year with a little delay :) > > Comming to spam, header checks are one tool that I use frequently to > prevent it. > > So, amongst all, I have this: > > if !/^Subject: (.*)[Aa]liexpress/ > /^Subject:(.*)% [Oo][Ff][Ff]/ REJECT Go away spammer > endif > > And this worked fine until _today_, when I got one email (and it > wasn't from Ali) that had a subject: > > You’re In Luck | Up to 70% Off > > As for the regexp, I think this should definitely be a hit, but it > got thru. First I thought that something bugged because of the | > sign, but no. > I've sent several tests from an external account and it's geting thru. > > I need a 4-eye method - what the heck am I missing here? > > Best, > Istvan > > >
Oy, what an awkwardly awkward redundant expression that is up there above. Postfix regular expressions are case-insensitive by default, so the [Aa] nonsense is unnecessary. Encapsulating the wildcards with () is unnecessary unless you plan to use the result later. The generic "go away spammer" is useless for debugging your header_checks much better: if /^Subject: / if !/aliexpress/ /% off/ REJECT percent off endif endif and that could probably be further improved... That said, your expression probably mostly works. Remember that header_checks won't match encoded subjects, and only one action is allowed per header, so if this header hits any prior rules (such as a WARN, INFO, DUNNO) then it won't be rejected. -- Noel Jones