mailfilter rule for matching address ANYWHERE in header

To: debian-user@lists.debian.org
Subject: mailfilter rule for matching address ANYWHERE in header
From: Dougie Nisbet <dougie@tbird2.homelan>
Date: Wed, 16 Jan 2002 10:40:02 +0000
Message-id: <[🔎] 02011610400200.03024@tbird2>
Reply-to: dougie@highmoor.co.uk

I've recently started using mailfilter (called as a precommand from 
fetchmail) and it works really well. (I have had a couple of mail addresses 
faked by spammers, so I've had tens of thousands of mail bounces over the 
last month.)

If a mail slips through, I add another rule to cope. However, I find it is 
not deleting mail messages where the mail address does not appear in the To: 
field, but appears as a 'for' line elsewhere in the header. In the example 
below, the faked address is lunsform3459@cix.compulink.co.uk, and I have set 
up a DENY filter to delete it from the server. But it doesn't work. Is there 
something wrong with my regexp?

Dougie

----vvvvv ---- header containing faked e-mail address --vvvv 

Return-path: <postie@tbird2.homelan>
Envelope-to: dougie@tbird2.homelan
Received: from postie by tbird2.homelan with local (Exim 3.33 #1 (Debian))
 id 16QlnU-0008NX-00
 for <dougie@tbird2.homelan>; Wed, 16 Jan 2002 08:51:52 +0000
Received: from root by tbird2.homelan with local (Exim 3.33 #1 (Debian))
 id 16QlnS-0008Lp-00
 for <postie@tbird2.homelan>; Wed, 16 Jan 2002 08:51:50 +0000
Received: from mail.cix.co.uk [212.35.225.149]
 by localhost with POP3 (fetchmail-5.9.6)
 for postie@localhost (single-drop); Wed, 16 Jan 2002 08:51:49 +0000 (GMT)
Received: from sulphur.cix.co.uk (localhost [127.0.0.1])
 by sulphur.cix.co.uk (8.11.3/CIX/8.11.2_BM26) with ESMTP id g0G8MQq09338
 for <lunsform3459@nisbet.compulink.co.uk>; Wed, 16 Jan 2002 08:22:26 GMT
Received: from deliverator.sgi.com (deliverator.sgi.com [204.94.214.10])
 by sulphur.cix.co.uk (8.11.3/CIX/8.11.3) with ESMTP id g0G8MOL09292
 for <lunsform3459@nisbet.compulink.co.uk>; Wed, 16 Jan 2002 08:22:25 GMT
X-Envelope-From: Mailer-Daemon@deliverator.sgi.com
Received: (from guest@localhost) by deliverator.sgi.com 
(980309.SGI.8.8.8-aspam-6.2/980310.SGI-aspam) id AAA08556
 for lunsform3459@nisbet.compulink.co.uk; Wed, 16 Jan 2002 00:17:51 -0800 
(PST)
 mail_from (Mailer-Daemon)
Date: Wed, 16 Jan 2002 00:17:51 -0800 (PST)
From: Mailer-Daemon@deliverator.sgi.com
Message-Id: <200201160817.AAA08556@deliverator.sgi.com>
Subject: Returned mail: unknown user
X-Envelope-To: lunsform3459@nisbet.compulink.co.uk
X-UIDL: _YSC.DhTR8.sulphur
To: postie@tbird2.homelan
Sender: <postie@tbird2.homelan>
Content-Type: 
Status: R 
X-Status: N
 
-------^^^^^ ---- Header containing faked e-mail address ---- ^^^^ ----




----vvvv ---- Filter in .mailfilterrc ---- vvvvv -----
# Filter rules for detecting spam (each rule must be placed
# in a seperate line)
# These filters detect certain unpleasant e-mail subjects:
DENY=^To:.*lunsform3459@nisbet.compulink.co.uk
DENY=^for.*manougian@nisbet.compulink.co.uk
DENY=^To:.*manougian@nisbet.compulink.co.uk
DENY=^for.*lunsform3459@nisbet.compulink.co.uk

---- ^^^ ----- Filter in .mailfilterrc ---- ^^^^ -------

Reply to:

Follow-Ups:
- Re: mailfilter rule for matching address ANYWHERE in header
  - From: Sven Hoexter <sven@telelev.net>

Prev by Date: Re: Large file sizes (2+Gb)
Next by Date: OT: GCC cross compiling
Previous by thread: Re: HPT370 and other errors :-(
Next by thread: Re: mailfilter rule for matching address ANYWHERE in header
Index(es):
- Date
- Thread