Perhaps I'll elaborate. We have a deprecated ISP account which I'll call [EMAIL PROTECTED] . I notice a lot of spam not being tagged with too low a score going to this address, but a distinguishing feature of much of it is that the To: header contains [EMAIL PROTECTED] . So, I want to be able to tell SA that anything which contains To: [EMAIL PROTECTED] but does not contain To: [EMAIL PROTECTED] is most likely spam.
What I really would like is a regex to place in a HEADER test, but I'm a novice at regexs and can't see a way to do this. Perhaps there is?
Matt Kettler wrote:
At 07:52 PM 2/17/2004, Damon McMahon wrote:
I want to be able to tag mail with certain domains in the To: header, but then exclude certain addresses from this filter; something like:
blacklist_to [EMAIL PROTECTED] unblacklist_to [EMAIL PROTECTED]
There does not appear to be an unblacklist_to directive. Can anyone assist?
It should be noted that blacklist_to was kind of added as an afterthought.. so it's not surprising it lacks an un* feature.
It was mostly added because all the other combinations of (black|white)list_(from|to) existed, except that one.
You might try: blacklist_to [EMAIL PROTECTED] whitelist_to [EMAIL PROTECTED]
and see what wins out.
