Harald Binkle wrote: > > What about a new eval function comparing the matches of two regular > expression? > If there would be a function like > > eval:*Equals*(/regex1/,/regex2/) and eval:NOTEquals(/regex1/,/regex2/) > > it would be easy *to* define rules like: > > a rule scoring, say with 0.8 points, if there is only one recipients > *address* and > that one *equals* the senders *address* but they have different 'name > parts'? Like: *TO*: "User Name" <us...@domain.com> *FROM*: "viagra > offer" <us...@domain.com> > > There are a lot of spam mails with that structure trying * to* get > through because > many people have their own domain on the whitelist. > Seems over-specialized to me, someone could write a plugin for it and see how well it works.
Personally I tend to deal with this by using the MTA to reject mail with a envelope from that's my domain but the sending IP isn't one of my own servers. I've not seen this flood of "to and from are same" spam that many folks are trying to get around. > I tried *to* set this up as rule but with no luck. I fear it is not > possible *to* do > this with a regular expression as it is not possible *to* compare > results of a regular expression in a regular > expression. > > And the AWL does not work for mails with this structure. If the sender > address was set to the recipients address the AWL is fooled and the > mail gets a negative score. > It shouldn't do that unless your trust path is broken. The AWL notes what the first untrusted IP address is, and that should be different from spammers.
