1. The field is of the format "Real Name" <[EMAIL PROTECTED]>, and
2. The first four characters of the real name do NOT match the first four characters of the email address.
The reason is that I am seeing lots of spam addressed to things like: "Nicole N. Inquisitor" <[EMAIL PROTECTED]>
I know that my regular expressions work if I plug them into a perl script, but the rule still isn't firing. This is what I have:
header __FAKE_TO_NAME1 ToCc =~ /^\s*".*"\s+<[EMAIL PROTECTED]>\s*$/i
header __FAKE_TO_NAME2 ToCc !~ /^\s*"\s*(\S{4}).*"\s+<[EMAIL PROTECTED]>\s*$/i
meta FAKE_TO_NAME (__FAKE_TO_NAME1 && __FAKE_TO_NAME2)
describe FAKE_TO_NAME Addressed to a faked real name.
score FAKE_TO_NAME 1.0
This is in a myrules.cf file in /etc/mail/spamassassin. I've run --lint on it and gotten no errors.
Any ideas? I'm almost suspecting that the ToCc is not showing me the real name part of the address?!
Thanks, Kevin
