we receive many E-Mails with faked From (Header), and I'm trying to
block them.
Currenty I extract the domain (most our own domain) and check it for
SPF.
Hier my code to extract the From:
warn set acl_m_from =
${extract{2}{@}{${reduce{${addresses:$h_from:}}{}{$item}}}}
Unfortunately we receive E-Mail with TWO From addresses, such:
From: Blah <blah@???> <blub@???>
and then my code does not work anymore...
Can someone help me to extract the FIRST address from the faked header?