On Saturday September 1 2007 05:06:24 [EMAIL PROTECTED] wrote:
> If
> header J Delivered-To =~ /.mailing list [EMAIL PROTECTED]/
> doesn't match this mail, but
> header J Delivered-To =~ /mailing list [EMAIL PROTECTED]/
> does, why doesn't
> header J Delivered-To =~ /^mailing list [EMAIL PROTECTED]/
> match? Odd, need to add a /m.

Yes, I just discovered the same recently. The point is that
SpamAssassin joins all mail header fields with the same header name
into one multiline string of header field bodies, so whenever
one uses a ^ or $ in a pattern, one is almost obliged to append
a /m flag, otherwise one risks being at the mercy of malicious senders.

Your example is just such a case. If a sender already provided
a Delivered-To in his mail, then your MTA or LDA appends
another one, the regexp using a ^ or $ without a /m fails
to match. Depending on the situation, this can be a security risk.

In summary: it is almost always wrong to leave out a /m flag
when ^ or $ anchors are used in 'header' regexps.
This does not apply to other checks, such as 'uri' or 'body'.

  Mark
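
An added example, not part of the original message or of SpamAssassin's code: a small Perl script that runs the three pattern shapes from the quoted question, plus their /m variants, against two Delivered-To bodies joined into one string. The addresses are constructed, and joining each body with a trailing newline is a simplified assumption about the string a 'header' rule is matched against.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: two Delivered-To fields in one message, for instance
# one already present in the mail and one added by the local MTA or LDA.
my @delivered_to = ('someone@example.net', 'list@example.org');

# Simplified model (assumption): the bodies of all fields with the same
# name are joined into one multiline string, one body per line.
my $joined = join('', map { "$_\n" } @delivered_to);

# Pattern shapes from the thread, with and without the /m flag.
my @rules = (
    [ 'dot prefix'   => qr/.list\@example\.org/  ],  # '.' cannot match the "\n" before "list"
    [ 'unanchored'   => qr/list\@example\.org/   ],
    [ '^ without /m' => qr/^list\@example\.org/  ],  # ^ only at the start of the whole string
    [ '^ with /m'    => qr/^list\@example\.org/m ],  # ^ at the start of every line
    [ '$ without /m' => qr/\@example\.net$/      ],  # $ only at the end of the whole string
    [ '$ with /m'    => qr/\@example\.net$/m     ],  # $ at the end of every line
);

for my $rule (@rules) {
    my ($name, $re) = @$rule;
    my $result = $joined =~ $re ? 'match' : 'no match';
    printf "%-14s %s\n", $name, $result;
}
```

Swapping the order of the two entries in `@delivered_to` shows that which anchored rule fails depends on where the extra field lands, which is why the /m flag is needed for either anchor.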
