Ok - thanks - that works better for a number of reasons - (I'll post the
running version once I play with it) - by making sure I am testing the first
header, I don't need to care about example.com (which is good, cause then I
can put the rule in my maildroprc where I call spamassassin from).
When I use your original example I get "Syntax error after =."
# if ( $i == 1 && ( ! $MATCH =~ /Received: .*\(AUTH: [^)]*\) *by \
# [:alnum:]*.SOMEDOMAIN.com/) )
I'm NO maildrop guru - I started with what you sent, trying to get rid of
the domain check - The part that seems to give me trouble is:
( ! $MATCH =~ /Received: .*\(CRAP\) *by/)
Keeping in mind that the original header looks like this (below) could the
multiline format of the header cause the match to fail or is it something
else?:
Received: from a1200 ([24.83.X.X])
    (AUTH: LOGIN [EMAIL PROTECTED])
    by bigass1.XXX.com with esmtp; Thu, 08 Jan 2004 00:04:43 +0000
The whole snippet for context:
if ( $SIZE < 512000 )
{
    i=1
    foreach /Received: /
    {
        # if ( $i == 1 && ( ! $MATCH =~ /Received: .*\(AUTH: [^)]*\) *by/) )
        # if ( $i == 1 && ( ! $MATCH =~ /Received: .*\(CRAP\) *by/) )
        #THIS WORKS:
        if ( $i == 1 )
        {
            xfilter "/usr/bin/spamc -U /var/run/spamassassin.sock -u $UI_Email"
        }
        i=$i+1
    }
}
Thanks!
m/
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Gordon Messmer
Sent: Wednesday, January 07, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [courier-users] Seeming issue between SA & courier... WAS RE: [SAtalk] RCVD_IN_DYNABLOCK,RCVD_IN_SORBS in 2.61 when sending myself a test message?
Mitch (WebCob) wrote:
> Good idea, but is it really that simple?
Yeah, why not?
> I would only want to do this for
> the top Received header - if I test all headers a spoofed auth header can
> bypass spamassassin.
If you're really that paranoid about it, you can probably flesh this out:
i=1
foreach /Received: /
{
    if ( $i == 1 && ( ! $MATCH =~ /Received: .*\(AUTH: [^)]*\) *by \
[:alnum:]*.example.com/) )
    {
        xfilter "/usr/bin/spamc"
    }
    i=$i + 1
}
There's probably something wrong with that. I didn't test it.
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
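
Added example, not code from either poster and written in Python rather than maildrop's filter language: it shows why only the topmost Received header should be trusted for the AUTH marker, and how unfolding the multi-line header before matching affects the result. The function names, the trusted domain (taken from the example.com placeholder in the thread) and both sample messages are assumptions constructed for illustration.

```python
import email
import re

# Assumption: the relay that adds the AUTH marker lives under this domain.
TRUSTED_DOMAIN = "example.com"
AUTH_BY = re.compile(r"\(AUTH: [^)]*\) by ([A-Za-z0-9.-]+)")

def unfold(value):
    """Collapse a folded (multi-line) header value onto a single line."""
    return " ".join(value.split())

def auth_host(received):
    """Return the 'by' host of a hop carrying an AUTH marker, else None."""
    m = AUTH_BY.search(unfold(received))
    return m.group(1).lower() if m else None

def is_trusted(host):
    return host is not None and (
        host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN))

def skip_spam_check_top_only(raw):
    """Honour AUTH only in the topmost Received header, the one our server wrote."""
    hops = email.message_from_string(raw).get_all("Received") or []
    return bool(hops) and is_trusted(auth_host(hops[0]))

def skip_spam_check_any_header(raw):
    """Weak variant: accepts the marker in any hop, including sender-supplied ones."""
    hops = email.message_from_string(raw).get_all("Received") or []
    return any(is_trusted(auth_host(h)) for h in hops)

# Constructed sample messages (documentation address ranges).
AUTHENTICATED = (
    "Received: from a1200 ([192.0.2.10])\n"
    "  (AUTH: LOGIN user@example.com)\n"
    "  by mail.example.com with esmtp; Thu, 08 Jan 2004 00:04:43 +0000\n"
    "Subject: test\n\nbody\n")
SPOOFED = (  # real top hop has no AUTH; the lower hop was supplied by the sender
    "Received: from unknown ([198.51.100.7])\n"
    "  by mail.example.com with esmtp; Thu, 08 Jan 2004 00:05:00 +0000\n"
    "Received: from a1200 ([192.0.2.10])\n"
    "  (AUTH: LOGIN user@example.com)\n"
    "  by mail.example.com with esmtp; Thu, 08 Jan 2004 00:04:43 +0000\n"
    "Subject: test\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("authenticated", AUTHENTICATED), ("spoofed", SPOOFED)):
        print(name, skip_spam_check_top_only(raw), skip_spam_check_any_header(raw))
```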