On 04/11/2010 5:56 PM, Karsten Bräckelmann wrote:
On Thu, 2010-11-04 at 15:55 -0230, Lawrence @ Rogers wrote:
I've noticed a bunch of spams coming in recently that have no To: and
Subject: and have cobbled together the following rule to combat them.
Any feedback would be appreciated.
Just as a side note, there is a difference between a missing and an
empty header.
# Message has empty To: and Subject: headers
# Likely spam
header __LW_EMPTY_SUBJECT Subject =~ /[[:space:]]$/
That rule does *not* do what you intend. It matches, if the last char of
the Subject happens to be a whitespace.
By definition, that header is not empty. Moreover, it is not equivalent
to a header that has no printable chars, which seems to be what you
actually tried the RE to match.
How's about this then
# Message has empty To: and Subject: headers
# Likely spam
header __LW_EMPTY_TO To =~ /^[[:space:]]$/
header __LW_EMPTY_SUBJECT Subject =~ /^[[:space:]]$/
meta LW_EMPTY_SUBJECT_TO (__LW_EMPTY_SUBJECT && __LW_EMPTY_TO)
describe LW_EMPTY_SUBJECT_TO Message has empty To and Subject headers
score LW_EMPTY_SUBJECT_TO 2.5
