Steve wrote:
> Loren Wilton wrote:
> > > Valid email addresses have a well-known structure (i.e.
> > > [A-z.]*_NAME) so, for example [EMAIL PROTECTED] is clearly a
> > > bogus address.
> >
> > Off the top of my head you might be able to do something like
> > (untested):
> >
> > header __GOOD_NAME To =~ /[A-Za-z]{1,30}_[A-Za-z\d\.]{2,40}\@(?i:domain\.com)/
> > meta BAD_NAME !__GOOD_NAME
> > score BAD_NAME 2
> >
> > Above is based on the assumption that "NAME" includes only letters,
> > numbers, and dots. If it can also have underscores then you could
> > just do \w{2,40} or the like for the second part.
>
> Hmmm - not a bad start, I guess. If I were to put something like this
> in individual users' .spamassassin/user_prefs - then I could be even
> more restrictive about NAME. I am concerned, however, that this might
> not cope well with mailing lists (where To is the mailing list name)
> or in circumstances where the user is CC'd rather than addressed
> directly.

That can be fixed by having the MTA (or MDA) add a "Delivered-To"
header indicating the user the message is being delivered to. Then you
can use this header rather than having to rely on something sensible
being in the "To" or "Cc" headers.

-- 
Bowie
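
Added example, not part of the thread: a Python sketch of the BAD_NAME check run against "To" and against "Delivered-To" for list mail, Cc'd mail, and mail delivered to a bogus address. The sample messages and addresses are constructed; matching the whole address and trusting only the topmost Delivered-To header (on the assumption that the local MTA/MDA prepends it) are choices made for this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Pattern from the rule quoted in the thread (domain.com as posted there).
GOOD_NAME = re.compile(r"[A-Za-z]{1,30}_[A-Za-z\d.]{2,40}@(?i:domain\.com)")


def bad_name(raw, header):
    """True when no address in `header` matches GOOD_NAME (the BAD_NAME meta)."""
    msg = message_from_string(raw)
    values = msg.get_all(header, [])
    if header.lower() == "delivered-to":
        # Assumption: the local MTA/MDA prepends its header, so only the
        # topmost one is trusted; copies further down may be sender-supplied.
        values = values[:1]
    addrs = [addr for _name, addr in getaddresses(values)]
    return not any(GOOD_NAME.fullmatch(a) for a in addrs)


# Constructed sample messages (hypothetical addresses, not from the thread).
LIST_MAIL = (
    "Delivered-To: steve_jones@domain.com\n"
    "From: poster@example.net\n"
    "To: users@lists.example.org\n"
    "Subject: list traffic\n\nbody\n"
)
CC_MAIL = (
    "Delivered-To: steve_jones@domain.com\n"
    "From: colleague@example.net\n"
    "To: someone@example.net\n"
    "Cc: steve_jones@domain.com\n"
    "Subject: fyi\n\nbody\n"
)
BOGUS_MAIL = (
    "Delivered-To: qx7rt@domain.com\n"        # added on local delivery
    "Delivered-To: steve_jones@domain.com\n"  # arrived with the message
    "From: bulk@example.net\n"
    "To: steve_jones@domain.com\n"
    "Subject: offer\n\nbody\n"
)

if __name__ == "__main__":
    samples = [("list", LIST_MAIL), ("cc", CC_MAIL), ("bogus", BOGUS_MAIL)]
    for label, raw in samples:
        print(label, "To:", bad_name(raw, "To"),
              "Delivered-To:", bad_name(raw, "Delivered-To"))
```
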