On 02/03/13 01:40, John Hardin wrote:
On Sat, 2 Mar 2013, Ned Slider wrote:
On 01/03/13 19:55, Alexandre Boyer wrote:
The famous 5 recipients...
I had a (very) few exceptions while having the very same pattern in
body. With 4 recipients instead of 5, and sometimes one among the 5
with
no To:address, just To:name, wich was harder to count...
I removed the similar rule as your __RP_D_00040 from my systems to
avoid
false negatives.
And no FP for a long time on this rule (this is an old bot, first saw
last summer, but probably older but unnoticed).
The example I posted earlier today had 7 recipients listed in To:
(sorry, I redacted them).
Rather than using a rule specifically for 5 recipients, I would use
the existing __MANY_RECIPS rule in the meta rule.
That said, I just checked my example, and __MANY_RECIPS failed to
fire. Here's the current rule:
header __MANY_RECIPS ToCc =~ /(?:\@[^@]{5,30}){3}/
Can someone explain the regex and why it fails to fire for 7 recipients?
(@, followed by 5-30 non-@ characters) repeated three times.
If the username + domain name + inter-address punctuation is longer than
30 chars it won't work.
I don't see a good reason for the upper limit, or at least for one that
restrictive. The To and Cc headers aren't going to be unboundedly long.
Thanks John (and others).
Yes, the limit of 30 looks too small. I just created a local rule upping
the limit to 100 and it now fires as expected.
John - can we increase the limit?
