Here, this is what I came up with:
if (($header_SUBJECT: matches "(\\.\\+)\\\\s{5}([a-z0-9][a-z0-9]*)\\$") or
# Searches for subject: xxxxxx spammessage
($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(\\\\[[a-z0-9][a-z0-9]*\\\\])\\$") or
# Searches for subject: xxxxxx [spammessage]
($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(\\\\([a-z0-9][a-z0-9]*\\\\))\\$") or
# Searches for subject: xxxxxx (spammessage)
($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(\\\\{[a-z0-9][a-z0-9]*\\\\})\\$") or
# Searches for subject: xxxxxx {spammessage}
($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(-[a-z0-9][a-z0-9]*)\\$")
# Searches for subject: xxxxxx -spammessage
)
On 13 Sep 2000, at 12:12, Dennis Taylor wrote:
> At 01:39 PM 9/12/00 -0700, Dennis Taylor wrote:
> Ah, the joys of having your email reformatted on the way out!
>
> It's not at all obvious from the stuff below, but when I originally posted
> my filter example, there are 5 spaces between the opening quote and the
> first non-space character of each pattern. When spammers add the trailer of
> which I speak, there's always a huge stretch of whitespace between the "regular"
> part of the subject header and the trailer.
>
> I had this bit of filtering up for a couple of weeks where it would only
> record matching subject lines into my log file (to see how much legitimate
> mail I might block). I've never had a single email incorrectly tagged by
> this filter segment.
>
> >
> >if $header_to does not contain "pctc" and
> > (
> > $header_subject matches "
> > -[a-z0-9][a-z0-9]*\\$" or
> > $header_subject matches "
> >[a-z0-9][a-z0-9]*\\$" or
> > $header_subject matches "
> >\\\\[[a-z0-9][a-z0-9]*\\\\]\\$" or
> > $header_subject matches "
> >\\\\([a-z0-9][a-z0-9]*\\\\)\\$"
> > )
> >then
> > fail text "SPAM is not acceptable at this site"
> > finish
> >endif
> >
> >
> >At 01:59 PM 9/12/00 -0400, Jason Robertson wrote:
> >>Thanks Philip was wondering about this in relation to subjects..
> >>
> >>Though I do have a few tests that work on catching some spam.. The
> >>problem I have now is that I need to filter on more items
> >>
> >>if ($h_message-id contains <>) then
> >>if ($h_Message-ID contains <@>) then
> >>if (("${if !def:header_to: {nospam}}" is nospam ) (this catches good
> >>messages too)
> >>if ($h_to: contains <> ) then
> >>if ($h_from: begins @) then
> >>if ($header_subject: is "Search Engine Secrets Discovered" ) then
> >>
> >>
> >>
> >>
> >>On 12 Sep 2000, at 10:32, Philip Hazel wrote:
> >>
> >>> On Tue, 12 Sep 2000, Scott Stavretis wrote:
> >>>
> >>> > How can I run this so that I can just put one entry in my main filter file that
> >>> > points to another file that just has the addresses in it?
> >>> >
> >>> > eg. /etc/filter contains
> >>> > if $header_from contains "**SOMEHOW POINT TO /etc/filter.addresses **" then
> >>> > fail text "INVALID ADDRESS" endif
> >>> >
> >>> > and /etc/filter.addresses contains a list of e-mail addresses
> >>>
> >>>
> >>> if ${lookup{$header_from:}lsearch{/some/file}{yes}{no}} is yes then
> >>>
> >>> ^
> >>> ^
> >>> This colon is important.
> >>>
> >>> --
> >>> Philip Hazel University of Cambridge Computing Service,
> >>> ph10@??? Cambridge, England. Phone: +44 1223 334714.
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>---
> >>Jason Robertson
> >>Network Analyst
> >>jason@???
> >>http://www.astroadvice.com
> >>
> >>--
> >>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> >>
> >---
> >Dennis Taylor
> >---
> >Don't worry about people stealing your ideas. If your ideas
> >are any good,
> >you'll have to ram them down people's throats.
> >
> >
> ---
> Dennis Taylor
> ---
> Don't worry about people stealing your ideas. If your ideas
> are any good,
> you'll have to ram them down people's throats.
>
>
---
Jason Robertson
Network Analyst
jason@???
http://www.astroadvice.com
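
An added example, not part of the original thread: the subject-trailer test from the filters above restated as one Python regular expression and run as a log-only pass over constructed messages, the way Dennis Taylor describes trialling his filter before rejecting mail. The wrapper labels, the sample addresses and subjects, and the case-insensitive matching are assumptions of this example.

```python
import re

TOKEN = r"[a-z0-9]+"
# Trailer styles listed in the message's comments (the labels are this example's own).
WRAPPERS = {"dash": ("-", ""), "square": ("[", "]"), "paren": ("(", ")"),
            "brace": ("{", "}"), "bare": ("", "")}
ALTERNATIVES = "|".join(
    f"(?P<{name}>{re.escape(o)}{TOKEN}{re.escape(c)})"
    for name, (o, c) in WRAPPERS.items()
)
# Subject text, a run of at least five whitespace characters, then the trailer
# anchored at the end of the header. IGNORECASE is an assumption of this example.
TRAILER_RE = re.compile(rf"^(?P<text>.*\S)\s{{5,}}(?:{ALTERNATIVES})$", re.IGNORECASE)


def trailer_kind(subject):
    """Return the wrapper style of a spam-style trailer, or None if absent."""
    m = TRAILER_RE.match(subject)
    return m.lastgroup if m else None


def audit(messages, exempt_to="pctc"):
    """Log-only pass: list (subject, kind) for mail the filter would refuse."""
    hits = []
    for to, subject in messages:
        if exempt_to in to.lower():      # recipient exemption from the quoted filter
            continue
        kind = trailer_kind(subject)
        if kind:
            hits.append((subject, kind))
    return hits


# Constructed sample mail as (To, Subject) pairs; none of it is real traffic.
SAMPLES = [
    ("user@example.org", "Make money fast" + " " * 40 + "[x7k2q9]"),
    ("user@example.org", "Lose weight now" + " " * 12 + "-8841zz"),
    ("user@example.org", "Free offer" + " " * 30 + "{ab12}"),
    ("user@example.org", "Re: filter question"),
    ("user@example.org", "Build 1234 status     ok"),   # legitimate, yet the bare form matches
    ("pctc-list@example.org", "Weekly digest" + " " * 20 + "(issue42)"),  # exempt recipient
]

if __name__ == "__main__":
    for subject, kind in audit(SAMPLES):
        print(f"{kind:7} {subject!r}")
```

The legitimate "Build 1234 status     ok" subject is reported as a bare-token hit, which is the kind of false positive a log-only trial is meant to surface before the rule is allowed to reject mail.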