+> ... would trigger false positives on +> a@domain, b@domain, ..., k@domain
+> i.e., 11 (not 10) of the same domain would trigger this regardless of the +> local parts. Well, the SUSPICIOUS_[CC_]RECIPS macros seemed good, so I +> tweaked them ... Tom> Coincidentally, I just sent fixes for these patterns last night. Hm, is there some latency with the archives? I did search on the string VERY_SUSP_RECIPS before posting. Oh, well. Tom> But yours requires the final substring of the username to be the Tom> same each time... Yes... Tom> ... while (I believe) the rule was intended to catch the frequent Tom> practice of sending to a large list of alphabetized names, e.g. Tom> francesca@foo, frank@bar, franklin#baz, fred@baz ... . So the original Tom> pattern (intended to) match reqeated addresses with the same initial 2 Tom> characters. Ah, that makes sense; that *is* a better pattern to test for. Tom> But as you saw, it wasn't quite right. It matched parts of Tom> the domain when it thought it was matching username. Tom> Try these (probably still more complex than necessary)... Yes, this is better. (I did figure that an extra , and \b like you added would do the trick, but my various tries were not quite right, so I ended going with a simpler but less functional solution as you saw.) Nice work. -- John _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
