On Fri, 2010-03-12 at 13:19 -0500, Charles Gregory wrote:
> > describe FORGED_YAHOO Yahoo with non-Yahoo Reply-to address
> > header __FORGED_YH1 From =~ /\...@yahoo\.com/i
> > header __FORGED_YH2 Reply-to =~ /\...@yahoo\.com/i
> > meta FORGED_YAHOO (__FORGED_YH1 && !__FORGED_YH2)
>
> The problem with this is that the !__FORGED_YH2 matches
> when there is *NO* Reply-To header at all!
>
> You need something like this:
>
> header __FORGED_YH2 Reply-To =~ /\@([^y]|y[^a]|ya[^h]|yah[^o])/i
> meta FORGED_YAHOO (__FORGED_YH1 && __FORGED_YH2)
Creative...
However, a better and likely more comprehensible solution would be, to
add an if-unset constraint to the previous rule-set. :) Adding
[if-unset: @yahoo.com]
at the end of the YH2 rule will prevent the match on a missing Reply-To
header, by faking one in its absence.
Of course, there's also always the solution of adding another sub-rule
to the meta that tests a header for existence.
header __HAS_REPLY_TO exists:Reply-To
But that's just plain boring rules, no funky REs there. Sorry. ;)
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
