On Tue, Jun 15, 2004 at 04:45:42PM +0200, Ralf Guenthner wrote:
> it would be great, if SARE came up with a comprehensive ruleset for this
> right-wing drivel. I've already made up my own for the time being, but
> I'm not very good with regex, so I guess it can be done more efficiently?! :
The rule which checks for the forged qmail-Message-ID[1]
worked pefectly here, and is only one Check/Pattern
instead of a big meta-Rule. (It was on the list,
onl this thread...)
So we removed the big rule and kept only the small
and NOTHING more came through (so far).
So I presume, we can avoid the big pattern-list
(at least for a while :-)
Stucki
[1] Qmail *always* uses numeric unix-date/time for the Message-ID
as in <[EMAIL PROTECTED]>
the forgery contains hexadecimals in the 'numeric' time/date-string.
--
Christoph von Stuckrad * * |nickname |<[EMAIL PROTECTED]>\
Freie Universitaet Berlin |/_*|'stucki' |Tel(days):+49 30 838-75 459|
Fachbereich Mathematik, EDV|\ *|if online|Tel(else):+49 30 77 39 6600|
Arnimallee 2-6/14195 Berlin* * |on IRCnet|Fax(alle):+49 30 838-75454/
