On Tue, 2004-05-25 at 21:49, Nick Gilbert wrote:
> I'm receiving several bounce messages a minute seemingly because a
> spammer is using my catch-all domain name to send e-mail from. Is there
> a way I can make a general rule which gives a high score to any bounce
> which contains @mydomain.com but does NOT include [EMAIL PROTECTED]
> which is the address I normally send from? I'm new to this rules business...
[...]
I wrote the following rule to catch bounces that include my e-mail
address but a "wrong" name in the From header: (you might want to check
the archives for some discussion about this)
body __NICK_FAKE_BOUNCE_SUB1 /From\:\s.{0,30}\s*<[EMAIL PROTECTED]>/i
body __NICK_FAKE_BOUNCE_SUB2
/from\:\s(?!(?:"?Nick\sGilbert"?\s)|(?:"?Gilbert\sNick"?\s)<[EMAIL
PROTECTED]>)/i
meta NICK_FAKE_BOUNCE (__M8RAM_FAKE_BOUNCE_SUB1 &&
__M8RAM_FAKE_BOUNCE_SUB2)
score NICK_FAKE_BOUNCE 10.0
describe NICK_FAKE_BOUNCE Attached bounce contains my address but I never
sent this!
(be ware of line wrap!)
I hope you can use this!
Bram
--
# Mertens Bram "M8ram" <[EMAIL PROTECTED]> Linux User #349737 #
# SuSE Linux 8.2 (i586) kernel 2.4.20-4GB i686 256MB RAM #
# 10:09pm up 65 days 1:44, 8 users, load average: 0.00, 0.05, 0.06 #
