On Fri, 2014-06-06 at 18:36 -0600, Philip Prindeville wrote:
> On Jun 6, 2014, at 3:50 PM, Axb <axb.li...@gmail.com> wrote:
>
> > If you have to post a spam sample, pls use pastebin and post the full msg
>
> Here’s a prototype:
> http://ur1.ca/hgxkx
That Return-Path really sticks out. It's basically the From: address
with embedded To: address. Spaces added for convenience.
CamelCasedPayload - user=recipient.net @ example.com
Depending on the number of individual recipient addresses, there are
multiple approaches for rules possible. Matching a specific target
address, including the whole domain, or even seriously complex rules
also taking the From: header into account.
In either case, be careful to NOT simply match your address embedded
like that, because that's close to how mailing-lists do it. Compare this
message's Return-Path.
The following rule (beware, entirely untested) would match that pattern.
A camel-cased string, hyphen, email address with equal sign substituted
for "@", followed by @ (and an arbitrary domain).
header CAMEL_CASE Return-Path:addr =~
/^(?:[A-Z][a-z]+){3,}-user=recipient\.net@/
You will of course have to substitute your address. If there are
multiple valid user names, you could use something like /[a-z]+/ instead
of an actual user name.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
