support a écrit : > On Sat, 2008-12-06 at 23:45 -0500, Theo Van Dinter wrote: >> On Sat, Dec 06, 2008 at 08:00:10PM -0800, John Hardin wrote: >>> mechanism for. Devs: there've been wishes for this before; how hard >>> would it be to add the ability to match on the substring match captured >>> by another rule? Add a flag to say "capture the match for this rule" and >>> a syntax for substituting that into the match RE of another rule, and >>> dependency enforcement? >> Non-trivial. Write a plugin, where it is trivial. :)
trivial indeed: http://www.netoyen.net/sa/FromInTo.pm 1- very quickly tested (so: don't use it ;-p) 2- This checks for the from: header address in the envelope rcpt and in the To: header. not sure this is what OP wanted. > > The implementation of it is not my concern. It's a pretty basic rule to > require that addresses a commonly exploited spam attack vector. having the same address in the From and To is also seen in legitimate mail: - I send mail to myself - some people use their address in the To when they Bcc many people or do you mean comparing the addresses only if the domain is "yours"? the other question is: would such a rule really help? how much spam will it detect? I mean spam that is not detected or blocked by other means (such as DNSBLs, helo check, ... etc). > Do we > just say 'We won't scan for that, it's too complicated'. It's kind of > like not scanning anything over 150k for performance. Spammers make use > of these shortcomings. > > On a different note here, there is starting to be an increase in spam > over 150k. I'm seeing a slowly increasing amount of spam from Asia that > is in the 1meg range. This would choke any rules based scanner in > volume. With bandwidth now cheap (other peoples in particular if you are > using a botnet) it's an increasing concern. > >