On 8/11/2011 1:25 PM, dar...@chaosreigns.com wrote:
Well, your example email doesn't match either of your rules.
On 08/11, Ted Mittelstaedt wrote:
header LOCAL_AUTH_RCVD Received =~ /^from [^ ]+
\([^)]*\)\s+\(authenticated bits=\d+\)\s+by mail\.wonkulating\.net/
header AUTHBIT0 From =~ /authenticated bits=0/
Received: from [192.168.0.4] (67-5-155-64.ptld.qwest.net [67.5.155.64])
(authenticated bits=0)
by mail.seasurf.net (8.14.4/8.14.4) with ESMTP id p7AKFbn5099852
for<tmittelsta...@gmail.com>; Wed, 10 Aug 2011 13:15:37 -0700 (PDT)
(envelope-from 25ter...@wonkulating.net)
This is the only one with "authenticated bits", and it doesn't contain
"mail.wonkulating.net", so it won't match the first rule.
oops that missed my obfuscating! Since the cat is out of the bag
now, yes it is all seasurf.net You should know what wonkulating is,
if you have been in the industry for a while. See foo.
I feel like I may have heard something about headers being concatenated
before matching against rules, which might change this, but I'm having
difficulty finding it.
From: Terry Andrews<25ter...@wonkulating.net>
The other rule is to match the From header, and this doesn't contain
"authenticated bits=0".
thanks,
Ted
