On Thu, Mar 26, 2009 at 05:18:07PM +0100, Karsten Bräckelmann wrote: > On Thu, 2009-03-26 at 14:17 +0000, Arthur Dent wrote: > > On Thu, Mar 26, 2009 at 09:40:34AM -0400, spamassas...@corwyn.net wrote: > > > > Is it possible to get spamassassin to score email addresses with 4 (or > > > more) numeric digits in sequence in the user name? > > > If you use procmail before spamassassin you can use the following rule > > which I > > created with help from someone on this list (thanks Karsten!): > > Yay. I have some vague recollection of this... ;) > > > # This one matches anything which has more than 5 digits in the name: > > > > # catch bad numerical To: headers > > :0: > > * ^TO_.*[0-9][0-9][0-9][0-9][0-9] > > /dev/null #(or a quarantine location...) > > In my not-so-humble opinion, this is too weak a pattern to use as a > poison pill. Even worse, to discard such mail at sight without any > possibility for other rules to exonerate that message. > OK - I completely accept Karsten and others' criticism of this, and it was probably poor advice to the OP on my part. However, I want to point out why it's OK for me...
I have a Demon account. This allows one to create a sort of sub-domain name (e.g. mydomain.demon.co.uk) and thus have an infinite variety of addresses e.g. mycooln...@mydomain.demon.co.uk and myworkn...@mydomain.demon.co.uk etc. etc. This is both a blessing and a curse (and on balance I think it's more of an advantage than a disadvantage) but it does mean that I cannot reject mail, because anything for x...@mydomain.demon.co.uk get delivered to me. Most of my contacts use myrealn...@mydomain.demon.co.uk and all the other addresses I use for other things allow me easily to filter and sort. However I did (some time ago) get a rash of spam addressed to hjjsf837645788869jsdh7777...@mydomain.demon.co.uk and the like, hence - with Karsten's help - created the procmail recipe. I did not discard at first, but ran it into a quarantine for several months. Apart from needing to increase from 4 to 5 digits as I described, I had not one false positive in all that time. I am now completely confident in committing those emails to the /dev/null pit of doom. That, however is me. This is a small home server, serving just me and my family. Your mileage may (probably will) vary... I apologise for offering poor advice. I just thought it might provide a starting point for refining a solution for the OP. Mark
pgpp1WSWgLSAL.pgp
Description: PGP signature
