I've recently started using mailfilter (called as a precommand from fetchmail) and it works really well. (I have had a couple of mail addresses faked by spammers, so I've had tens of thousands of mail bounces over the last month.)
If a mail slips through, I add another rule to cope. However, I find it is not deleting mail messages where the mail address does not appear in the To: field, but appears as a 'for' line elsewhere in the header. In the example below, the faked address is [EMAIL PROTECTED], and I have set up a DENY filter to delete it from the server. But it doesn't work. Is there something wrong with my regexp? Dougie ----vvvvv ---- header containing faked e-mail address --vvvv Return-path: <[EMAIL PROTECTED]> Envelope-to: [EMAIL PROTECTED] Received: from postie by tbird2.homelan with local (Exim 3.33 #1 (Debian)) id 16QlnU-0008NX-00 for <[EMAIL PROTECTED]>; Wed, 16 Jan 2002 08:51:52 +0000 Received: from root by tbird2.homelan with local (Exim 3.33 #1 (Debian)) id 16QlnS-0008Lp-00 for <[EMAIL PROTECTED]>; Wed, 16 Jan 2002 08:51:50 +0000 Received: from mail.cix.co.uk [212.35.225.149] by localhost with POP3 (fetchmail-5.9.6) for [EMAIL PROTECTED] (single-drop); Wed, 16 Jan 2002 08:51:49 +0000 (GMT) Received: from sulphur.cix.co.uk (localhost [127.0.0.1]) by sulphur.cix.co.uk (8.11.3/CIX/8.11.2_BM26) with ESMTP id g0G8MQq09338 for <[EMAIL PROTECTED]>; Wed, 16 Jan 2002 08:22:26 GMT Received: from deliverator.sgi.com (deliverator.sgi.com [204.94.214.10]) by sulphur.cix.co.uk (8.11.3/CIX/8.11.3) with ESMTP id g0G8MOL09292 for <[EMAIL PROTECTED]>; Wed, 16 Jan 2002 08:22:25 GMT X-Envelope-From: [EMAIL PROTECTED] Received: (from [EMAIL PROTECTED]) by deliverator.sgi.com (980309.SGI.8.8.8-aspam-6.2/980310.SGI-aspam) id AAA08556 for [EMAIL PROTECTED]; Wed, 16 Jan 2002 00:17:51 -0800 (PST) mail_from (Mailer-Daemon) Date: Wed, 16 Jan 2002 00:17:51 -0800 (PST) From: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> Subject: Returned mail: unknown user X-Envelope-To: [EMAIL PROTECTED] X-UIDL: _YSC.DhTR8.sulphur To: [EMAIL PROTECTED] Sender: <[EMAIL PROTECTED]> Content-Type: Status: R X-Status: N -------^^^^^ ---- Header containing faked e-mail address ---- ^^^^ ---- ----vvvv ---- Filter in .mailfilterrc ---- vvvvv ----- # Filter rules for detecting spam (each rule must be placed # in a seperate line) # These filters detect certain unpleasant e-mail subjects: DENY=^To:[EMAIL PROTECTED] [EMAIL PROTECTED] DENY=^To:[EMAIL PROTECTED] [EMAIL PROTECTED] ---- ^^^ ----- Filter in .mailfilterrc ---- ^^^^ -------
