You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Martin Gregorie <ma...@gregorie.org> on 2015/04/11 13:27:02 UTC
Tests on 'To' headers
I've recently been getting spam with multiple 'To' addresses that
include both my regular, published address and another address assigned
by my ISP than I have never publicised and that should never appear in
the same To header as the ISP-assigned address. So, I wrote a rule that
adds points if both addresses appear in a 'To' header.
However, this rule also fires whenever my published address is in the
'To' header and the unpublished address is used in 'Delivered-to' and
'X-original-to' headers generated internally by my ISP.
So, I have two questions:
1) is there a document anywhere that lists the headers that are treated
as if they are 'To' headers even though they have different names?
2) is there any way to restrict queries like mine to fire on 'To'
headers alone, i.e. would writing 'To:address =~ /blah/' rather than
'To =~ /blah/' restrict the rule to just looking at 'To' headers?
Martin
Re: Tests on 'To' headers
Posted by Reindl Harald <h....@thelounge.net>.
Am 11.04.2015 um 13:27 schrieb Martin Gregorie:
> I've recently been getting spam with multiple 'To' addresses that
> include both my regular, published address and another address assigned
> by my ISP than I have never publicised and that should never appear in
> the same To header as the ISP-assigned address. So, I wrote a rule that
> adds points if both addresses appear in a 'To' header.
>
> However, this rule also fires whenever my published address is in the
> 'To' header and the unpublished address is used in 'Delivered-to' and
> 'X-original-to' headers generated internally by my ISP.
>
> So, I have two questions:
>
> 1) is there a document anywhere that lists the headers that are treated
> as if they are 'To' headers even though they have different names?
>
> 2) is there any way to restrict queries like mine to fire on 'To'
> headers alone, i.e. would writing 'To:address =~ /blah/' rather than
> 'To =~ /blah/' restrict the rule to just looking at 'To' headers?
just a wild guess - try to anchor ^To
Re: Tests on 'To' headers
Posted by RW <rw...@googlemail.com>.
On Sat, 11 Apr 2015 12:27:02 +0100
Martin Gregorie wrote:
> I've recently been getting spam with multiple 'To' addresses that
> include both my regular, published address and another address
> assigned by my ISP than I have never publicised and that should never
> appear in the same To header as the ISP-assigned address. So, I wrote
> a rule that adds points if both addresses appear in a 'To' header.
>
> However, this rule also fires whenever my published address is in the
> 'To' header and the unpublished address is used in 'Delivered-to' and
> 'X-original-to' headers generated internally by my ISP.
If that behaviour is needed then, IMO, it should be handled by
pseudo-header.
> 2) is there any way to restrict queries like mine to fire on 'To'
> headers alone, i.e. would writing 'To:address =~ /blah/' rather than
> 'To =~ /blah/' restrict the rule to just looking at 'To' headers?
A workaround might be to use ALL.