From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
> > From: Mike Spamassassin [mailto:[EMAIL PROTECTED]
> >>
> >> This is working pretty well so far.
> >> Thanks for you help with this.
> >>
> >> I would like to enhance it to cater for the situations where I am
> >> not in the "To" address (e.g. I am in CC: to Bcc: or the "mailing
> >> list" situation.
> >>
> >> How would I do a test of the form:
> >>
> >> If To: email address contains ernstoff.net then check for To:
> >> real name contains Mike or Michael or is blank?
> >
> > That is a bit more complex. Meta rules may be the best way to go
> > here.
> >
> > header _TO_MYEMAIL To:addr =~ /ernstoff\.net/i
> > header _CC_MYEMAIL Cc:addr =~ /ernstoff\.net/i
> >
> > header _TO_MYNAME To:name =~ /\b(?:Mike|Michael)\b|^$/i
> > header _CC_MYNAME Cc:name =~ /\b(?:Mike|Michael)\b|^$/i
> >
> > meta NOT_MY_NAME (_TO_MYEMAIL && ! _TO_MYNAME)
> > || (_CC_EMAIL && ! _CC_MYNAME)
> > describe NOT_MY_NAME My email address, but not my name
> > score NOT_MY_NAME 1
> >
> > (Note that the meta command should be all on one line)
> >
> > The rule names that start with an underscore are defined as
> > sub-rules and are not scored separately.
> >
> > Also, keep in mind that the :addr and :name modifiers only grab
> > the first address or real name on the line. If there are multiple
> > addresses or real names, they are ignored. You may have better
> > results just leaving off the :addr and :name modifiers and
> > accepting that it will miss a few by matching the name inside the
> > email address ([EMAIL PROTECTED], for example).
> >
> > header _TO_MYEMAIL To =~ /ernstoff\.net/i
> > header _CC_MYEMAIL Cc =~ /ernstoff\.net/i
> >
> > header _TO_MYNAME To =~ /\b(?:Mike|Michael)\b(?!\@)|^$/i
> > header _CC_MYNAME Cc =~ /\b(?:Mike|Michael)\b(?!\@)|^$/i
> >
> > meta NOT_MY_NAME ( _TO_MYEMAIL && ! _TO_MYNAME )
> > || ( _CC_EMAIL && ! _CC_MYNAME )
> > describe NOT_MY_NAME My email address, but not my name
> > score NOT_MY_NAME 1
> >
> > The extra stuff on the name regex ensures that the name is not
> > immediately followed by an "@" to try to avoid matching on obvious
> > email addresses.
> >
> > It is possible to parse it all out, but as there are quite a few
> > valid formats, this would be far more trouble than it is worth.
>
> I used the second option and had a couple of problems. First
> problem was quickly solved; double underscores needed to stop the
> header rules adding to the score.
Ah...I misread the docs. You're right, it does require a double
underscore.
> Second problem is that the "blank" name is scoring the same as if it
> were the wrong name.
You're right. That pattern might work as a To:name match, but not on
the full header. Let me try again...
After some experimentation, I came up with this simpler rule. It
should match if your domain shows up in the TO or CC headers and it is
matched to a realname that does not include "mike" or "michael".
Try it and see what happens
header __TOCC_MYEMAIL ToCc =~ /[EMAIL PROTECTED]/i
header __TOCC_NOT_MYNAME ToCc !~
/(?:^|,)[,"\s]{0,10}(?:\b(?:mike|michael)\b)?[\s"]{0,10}<[^>@[EMAIL PROTECTED]
et>/i
meta NOT_MY_NAME ( __TOCC_MYEMAIL && __TOCC_NOT_MYNAME )
score NOT_MY_NAME 1
Note that the MYNAME pattern should be all on one line with no spaces.
Explanation of the crazy regex:
(?:^|,)
Start at the beginning of the line, or at a comma
[,"\s]{0,10}
Zero to ten commas, quotes, or whitespace characters
(?:\b(?:mike|michael)\b)?
Optionally, Mike or Michael as a single word
[\s"]{0,10}
Zero to ten quotes or whitespace characters
<[^>@[EMAIL PROTECTED]>
An email address ending with "@ernstoff.net" in angle brackets
/i
Make it a case-insensitive match
Bowie
