On Sun, 2010-07-11 at 12:49 +0200, Michelle Konzack wrote: > Hello Experts, > > since arround 9 weeks I become bombed on my E-Mails <linux4michelle> and > <michelle.konzack> by crappy From: spams. Here some examples from my > log: [garbled address samples snipped]
> but I want to do the scanning in spamassassin. > > Any suggestions and ideas? Didn't have sufficient caffeine yet, and I am too lazy to go through that procmail logic in detail -- but looking at the samples, you want to identify junk chars in the From: header? Well, what about a header From rule, maybe even limited to From:addr? Or some raw headers, like From:raw or even the hammer ALL pseudo header. I assume the Envelope From doesn't look the same, does it? Otherwise, you could already have your MX reject them outright. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}