On Fri, 2010-05-21 at 17:43 -0400, Adam Katz wrote:
> header SINGLE_HEADER_2K ALL:raw =~ /^(?=.{2048,3071}$)/m
It does not match a single header, let alone a *specific* header as the
one mentioned, but ALL headers. It effectively checks the entire
headers' size.
As I understood it, the desired rule would check this one specific
header only, revealing that there is a substantial amount of Bcc's in
Yahoo (compromised web-mail accounts) mail.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
