Hi there,
First of all, my apologies if this has been covered before. Due to some
trouble I've had with some of our email partners not following standards,
I've been unable to upgrade to the latest version of ASSP.
I'm currently running 2.4.5(15229).
My current issue is that some of my users have started receiving a
particular type of spam.
The "From" line includes a whitelisted email address where the name would
normally be and the actual email address is different. e.g.:
From: good_email@whitelisted_company.com <evil_sender@throwaway_domain.com>
The problem is, the whitelist recognizes the whitelisted address and passes
the message through bypassing most of our checks and filters.
I was thinking I could add a line to the bombHeaderRe like:
^From:\s+([._[:alnum:]-]+@[._[:alnum:]-]+)\s+<(?!(\1|mailto:\1))=>0.9
Which should block any message where if there's an email address in the
"name" portion of the line, it must match the email address in the angle
bracket portion.
The problem is that it looks like bombHeaderRe converts all the capture
groups to non-capture groups, so the back-reference doesn't work.
Also, ideally, this check would happen before it's classified by the
whitelist.
Please let me know if you have any suggestions.
Thanks so much,
J.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
