On Thu, 2009-03-26 at 12:07 -0400, spamassas...@corwyn.net wrote:
> At 11:19 AM 3/26/2009, John Hardin wrote:
> >On Thu, 26 Mar 2009, spamassas...@corwyn.net wrote:
> > >(seems like a lot of our spam comes in for garbage users with user
> > >names that are strings of numbers).
> >
> > ...your MTA should _not_ be accepting invalid recipient addresses
> > for delivery. Fix your MTA configuration so that it rejects invalid
> > recipient addresses at SMTP time, don't try to patch this via SA rules.
>
> Typo on my part, that should be "from garbage users". I already
> received a response for adding
*sigh* So my original response was actually correct. :)
> describe FOURNUMBERS flag things with 4 or more numbers in the from:
> header FOURNUMBERS from: \d{4}
> score FOURNUMBERS .5
>
> that should resolve what I wanted it to resolve
Nope, it does not. See my previously posted rule.
According to your question, there are 2 issues with this rule. (a) It
does check the entire From header, including non-address real name
parts. Use the :addr suffix for that. (b) It does not limit matching to
the user part only, but also matches the domain. See my use of /.*\@/ in
the RE, together with the :addr suffix.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
