On Sun, 2010-07-11 at 12:49 +0200, Michelle Konzack wrote:
> Hello Experts,
>
> since arround 9 weeks I become bombed on my E-Mails <linux4michelle> and
> <michelle.konzack> by crappy From: spams. Here some examples from my
> log:
[garbled address samples snipped]
> but I want to do the scanning in spamassassin.
>
> Any suggestions and ideas?
Didn't have sufficient caffeine yet, and I am too lazy to go through
that procmail logic in detail -- but looking at the samples, you want to
identify junk chars in the From: header?
Well, what about a header From rule, maybe even limited to From:addr? Or
some raw headers, like From:raw or even the hammer ALL pseudo header.
I assume the Envelope From doesn't look the same, does it? Otherwise,
you could already have your MX reject them outright.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
