Re: Another "this should have triggered more rules" post

[Skip]

describe TO_TOO_MANY To: too many recipients header TO_TOO_MANY To =~ /(?:,[^,]{1,80}){20}/ describe TO_WAY_TOO_MANY To: way too many recipients header TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){50}/ The {20} variant will cause "normal" FPs. I don't think the {50} would really cause FPs. but then header TO_WAY_TOO_MANY To =~ /(?:,[^,]{1,80}){100}/ should more than conservative. Of course. The threshold for "too many" is naturally something that will vary for different people and situations. Anyway, this is worth an MTA reject Good point - I added some tests to my milter-regex. However, not everyone can do MTA rejects on this, so SA rules do have utility. What would be a command line equivalent that I can test this _expression_ against my current inbox in order to see if I would have had any FPs?  Something like for file in *; do egrep ^To:.*(?:,[^,]{1,80}){20} $file;done but this will only check one line (the To: header is obviously many, many lines long) and generates a syntax error as is. -- Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]