> > (You do need at least {28,29} to make it work.)
>
> Hmm... the rule submission used {28}.

Huh.  I was looking at my original code and didn't notice Bob had simplified
the SARE version.  I thought I had seen {28,30} there.  Have to go back and
look again, I guess.


> > This one is almost too easy.  The Message-ID is always 28 or 29
> > uppercase alpha characters ending in either AA or AB, followed by a
> > dot, followed by the complete sender's email address including the
> > domain.  Also, the timezone is always +0000, similar to ratware #2
> > above.  Many other details vary, such as the claimed mailer.  However,
> > we have some constants.
>
> Hmmm... I suspect we could ignore some of those details if the FP rate
> is already zero, but we might want to note them in a comment.

Sure.  The RE I had didn't even bother with the (AA|AB) stuff, it just
tailed the message-id and compared it to the sender.  I'm pretty sure that
you do have to check the length of the mid though, or it might fp.  Too long
since I wrote that and ran the variant checks to remember exactly what fp'ed
and what didn't.

> > Usually the From follows the Message-ID, but not always.  So we have
> > to do this check twice.
>
> The eval function would address that.

Sure.

Actually what I would have liked to do in just plain rules would have been
something along the lines of

header    __x1    MESSAGEID =~ /A(?:A|B).{27,28}(.*)$/; $tail = $1
header    bogus_msg    From =~ /^$tail$/

But that would take being able to extract variables.  (And probably knowing
more Perl syntax than I do, I'm sure that above wouldn't be the way it is
done.)

        Loren
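
The check discussed in this thread, written as a stand-alone Python sketch so it does not depend on header order. This is an added example, not SpamAssassin code and not from any poster here; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# 28 or 29 uppercase letters in total, the last two being AA or AB,
# then a dot, then the text up to the closing angle bracket.
MID_RE = re.compile(r"^<([A-Z]{26,27}A[AB])\.([^<>\s]+)>$")

def msgid_embeds_sender(raw, require_utc=False):
    """True when the Message-ID has the fixed-length uppercase prefix and
    its tail equals the From address, whichever header comes first."""
    msg = message_from_string(raw)
    m = MID_RE.match((msg.get("Message-ID") or "").strip())
    if not m:
        return False          # wrong length or ending: the length check stays
    sender = parseaddr(msg.get("From") or "")[1]
    # Assumption: compare case-insensitively, as mail addresses usually are.
    if not sender or m.group(2).lower() != sender.lower():
        return False
    if require_utc:           # optional extra constant: timezone is +0000
        return (msg.get("Date") or "").strip().endswith("+0000")
    return True

def sample(mid, sender, mid_first=True, tz="+0000"):
    """Build a constructed test message (not real mail)."""
    headers = [f"Message-ID: <{mid}>", f'From: "Some Name" <{sender}>']
    if not mid_first:
        headers.reverse()     # From before Message-ID
    headers.append(f"Date: Mon, 01 Jan 2024 00:00:00 {tz}")
    headers.append("Subject: test")
    return "\n".join(headers) + "\n\nbody\n"

PREFIX28 = "K" * 26 + "AA"    # constructed 28-letter prefix
PREFIX29 = "K" * 27 + "AB"    # constructed 29-letter prefix

if __name__ == "__main__":
    hit = sample(PREFIX28 + ".user@example.com", "user@example.com")
    swapped = sample(PREFIX29 + ".user@example.com", "user@example.com",
                     mid_first=False)
    short = sample("K" * 20 + "AA.user@example.com", "user@example.com")
    for name, raw in (("hit", hit), ("swapped", swapped), ("short", short)):
        print(name, msgid_embeds_sender(raw))
```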
