On Mon, 12 Jul 2010, Karsten Bräckelmann wrote:
header LOC_WEIRD_FROM From =~ /<[...@\>]*[\^\`\ ]...@\>]*@/
# note: the '[...@\>]*' confines the match to within a local address part
Using From:addr instead is better and more accurate.
Provided the spammer doesn't use more than one address on the From
header..... :)
That RE is more complicate than it needs to, yet might even match the
real name. From is not From:raw.
From:raw, acording to docs, only prevents decoding of quoted printable
and base 64 strings, and preserves whitespace. So the RE, as given, looks
for the angel bracket at the beginning of ALL possible addresses, and
scans for the undesirable characters. I don't see any unnecessary
complexity in the RE (except that yes, you could use From:addr and
eliminate the sections that pin-down address, but I've already explained I
prefer an RE that captures ALL addresses, not just the first).
As a footnote to OP, these characters ARE 'legal' even though rarely used.
That's why you can't score too high...
But I posted that solution yesterday already. Coming late to the show,
eh? ;)
1) Syadmins New Year's Resolution: I will read all posts before
responding.
2) Sorry, I got used to seeing so much *discussion* trying to dissect what
was, to me, an obvious problem that I got fed up with it, and figured no
one else was posting a rule, so I would....
Great minds, and all that? :)
- C
