On Fri, 12 Mar 2010, Dennis B. Hopp wrote:
describe FORGED_YAHOO Yahoo with non-Yahoo Reply-to address
header __FORGED_YH1 From =~ /\...@yahoo\.com/i
header __FORGED_YH2 Reply-to =~ /\...@yahoo\.com/i
meta FORGED_YAHOO (__FORGED_YH1 !__FORGED_YH2)
The problem with this
The problem with this is that the !__FORGED_YH2 matches
when there is *NO* Reply-To header at all!
You need something like this:
header __FORGED_YH2 Reply-To =~ /\@([^y]|y[^a]|ya[^h]|yah[^o])/i
meta FORGED_YAHOO (__FORGED_YH1 __FORGED_YH2)
(remove the negation from the meta)
On Fri, 2010-03-12 at 12:52 -0600, Dennis B. Hopp wrote:
The problem with this is that the !__FORGED_YH2 matches
when there is *NO* Reply-To header at all!
You need something like this:
header __FORGED_YH2 Reply-To =~ /\@([^y]|y[^a]|ya[^h]|yah[^o])/i
meta FORGED_YAHOO
On Fri, 2010-03-12 at 13:19 -0500, Charles Gregory wrote:
describe FORGED_YAHOO Yahoo with non-Yahoo Reply-to address
header __FORGED_YH1 From =~ /\...@yahoo\.com/i
header __FORGED_YH2 Reply-to =~ /\...@yahoo\.com/i
meta FORGED_YAHOO (__FORGED_YH1 !__FORGED_YH2)
