use the
assp-do-not-optimize-regex
tag in the file (read the GUI explantion at the bottom) , to keep the
capturing.
start the regex with
(?:^|\n)From:
>The problem is, the whitelist recognizes the whitelisted address and
passes the message through bypassing most of our checks and filters.
This is fixed in the latest version - read the changelog.
Thomas
Von: "Dev Null" <jiveformat...@gmail.com>
An: assp-user@lists.sourceforge.net
Datum: 29.09.2017 06:18
Betreff: [Assp-user] Back reference in bombHeaderRe?
Hi there,
First of all, my apologies if this has been covered before. Due to some
trouble I've had with some of our email partners not following standards,
I've been unable to upgrade to the latest version of ASSP.
I'm currently running 2.4.5(15229).
My current issue is that some of my users have started receiving a
particular type of spam.
The "From" line includes a whitelisted email address where the name would
normally be and the actual email address is different. e.g.:
From: good_email@whitelisted_company.com <evil_sender@throwaway_domain.com
>
The problem is, the whitelist recognizes the whitelisted address and
passes the message through bypassing most of our checks and filters.
I was thinking I could add a line to the bombHeaderRe like:
^From:\s+([._[:alnum:]-]+@[._[:alnum:]-]+)\s+<(?!(\1|mailto:\1))=>0.9
Which should block any message where if there's an email address in the
"name" portion of the line, it must match the email address in the angle
bracket portion.
The problem is that it looks like bombHeaderRe converts all the capture
groups to non-capture groups, so the back-reference doesn't work.
Also, ideally, this check would happen before it's classified by the
whitelist.
Please let me know if you have any suggestions.
Thanks so much,
J.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
