On Tue, 10 Nov 2009, rahlqu...@gmail.com wrote:
On Tue, Nov 10, 2009 at 9:09 AM, John Hardin <jhar...@impsec.org> wrote:
* rahlqu...@gmail.com <rahlqu...@gmail.com>:
Ok regex is not my strong suit by any means. Trying to get a match
for email addresses that start with a pipe character ( about 15% of my
spam is this ).
Richard, could you post the headers from one such to pastebin so we can see
exactly what you're talking about?
Here you are John;
http://pastebin.com/m733a7113
And no, I do indeed mean sent to.
Okay.
Comment: it would be better to catch and reject these at the MTA level, if
at all possible. I'm sure one of the Postfix admins could suggest how to
do so.
How about this?
header ENV_TO_BAR Received =~ / for <\|/
You don't need to match the entire address syntax.
You might want to tighten it up a tiny bit (assuming the headers weren't
sanitized):
header ENV_TO_BAR Received =~ / by dark\.pcsites\.com .* for <\|/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I have never learned to fight for my freedom. I was only good at
enjoying it. -- Dutchman Oscar van den Boogaard,
showing why Europe is doomed
-----------------------------------------------------------------------
Tomorrow: Veterans Day
