A request for assistance from any regex guru’s.
I am trying to block/hold/identify the following FROM field in
header_checks:
“displayn...@example.com” <anyn...@otherexample.com>
The sender is trying to spoof example.com in the Display Name part of the
FROM.
I am not concerned with:
"displayn...@example.com" <anyn...@example.com> or
<anyn...@example.com>,
"anyn...@example.com"
as I have a strict_client_domain setup for example.com which works fine.
I am a bit fuzzy on lookahead/lookbehind regexes if that is what is needed.
So if the FROM address matches "@example.com.*<"
BUT does not have a "<.*@example.com"
I want a regex to flag it.
Possible? Thanks for your considerations.
