Matt, Thanks for the hint about using ToCc - that prompted me to realize my error. I had not supplied FQ addresses in the rule, only user names. The rule would have never fired when I wanted it to fire (and it didn't). The corrected rule is below:
header TO_ADDRESS_BOGUS ToCc !~ /[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]/i score TO_ADDRESS_BOGUS 4.0 This newly corrected rule is working exactly as expected, and as I result I no longer have to manage a complex set of white and black lists. John Minnihan wrote: > Thanks for the quick reply & bonus suggestion, Matt. > > I'll continue modeling this now that I know !~ should function as > expected, i.e. "return true if the pattern is not matched". > > >> John Minnihan wrote: >> >>> SA Team, >>> >>> I have a fully functional SA installation that is serving me very >>> well. I use Mailscanner and a few custom rules, and am generally >>> very pleased with the results. >>> >>> There’s one more rule that I’d like to run, but haven’t figured >>> out >>> how to implement it. I want to use a header rule that will trigger on >>> any mail sent to my domains that is to an address that is *not* in my >>> test block, for example: >>> >>> header TO_ADDRESS_BOGUS To !~ /my|real|addresses|here/i >>> describe TO_ADDRESS_BOGUS To: contains bogus address >>> score TO_ADDRESS_BOGUS 5.0 >>> >>> I know about blacklists and whitelists and have a solution in place >>> that works ok, but I really want a header rule like the one above. >>> Yes, I’ve searched. Yes, I have found many rules that implement a To: >>> match test but have not found an rule that implements a non-match >>> test. I suspect that my use of !~ is incorrect, but lint is happy with >>> that rule as-is. >>> >>> >> Your use of !~ should work properly here. >> >> However, I might suggest using ToCc instead of To. This will at least >> match mail that's Cc'ed to you... >> >> Of course, neither will match any mail that's Bcc'ed to you, including >> mailing list posts (ie: this list). So make sure you whitelist anyone >> who will send you Bcc'ed mail. >> >> >> > > > -- John Minnihan Founder, Freepository http://freepository.com Software development infrastructure since 1999 Blog: http://commavee.com
