I am trying to write a rule that examines the To and CC fields and
matches if:
1. The field is of the format "Real Name" <user@mydomain.com>, and
2. The first four characters of the real name do NOT match the first
four characters of the email address.
The reason is that I am seeing lots of spam addressed to things like:
"Nicole N. Inquisitor" <myname@mydomain.com>
I know that my regular expressions work if I plug them into a perl
script, but the rule still isn't firing. This is what I have:
header __FAKE_TO_NAME1 ToCc =~ /^\s*".*"\s+<\S+\@mydomain\.com>\s*$/i
header __FAKE_TO_NAME2 ToCc !~
/^\s*"\s*(\S{4}).*"\s+<\1\S*\@mydomain\.com>\s*$/i
meta FAKE_TO_NAME (__FAKE_TO_NAME1 && __FAKE_TO_NAME2)
describe FAKE_TO_NAME Addressed to a faked real name.
score FAKE_TO_NAME 1.0
This is in a myrules.cf file in /etc/mail/spamassassin. I've run
--lint on it and gotten no errors.
Any ideas? I'm almost suspecting that the ToCc is not showing me the
real name part of the address?!
Thanks,
Kevin
matches if:
1. The field is of the format "Real Name" <user@mydomain.com>, and
2. The first four characters of the real name do NOT match the first
four characters of the email address.
The reason is that I am seeing lots of spam addressed to things like:
"Nicole N. Inquisitor" <myname@mydomain.com>
I know that my regular expressions work if I plug them into a perl
script, but the rule still isn't firing. This is what I have:
header __FAKE_TO_NAME1 ToCc =~ /^\s*".*"\s+<\S+\@mydomain\.com>\s*$/i
header __FAKE_TO_NAME2 ToCc !~
/^\s*"\s*(\S{4}).*"\s+<\1\S*\@mydomain\.com>\s*$/i
meta FAKE_TO_NAME (__FAKE_TO_NAME1 && __FAKE_TO_NAME2)
describe FAKE_TO_NAME Addressed to a faked real name.
score FAKE_TO_NAME 1.0
This is in a myrules.cf file in /etc/mail/spamassassin. I've run
--lint on it and gotten no errors.
Any ideas? I'm almost suspecting that the ToCc is not showing me the
real name part of the address?!
Thanks,
Kevin