help with regex or ? - ORF Forums

@Mike Haas:
If you would like to block SMTP sender addresses with three consecutive hyphens in the username part, you should simply add

.*-{3}.*@.*

to the Sender Blacklist as a regular expression. However, if you want this test to be performed on the MIME From: address only (see the difference between SMTP and MIME sender addresses at http://www.vamsoft.com/faq.asp#whynotsender), follow the steps below:

1. Start the Administration Tool
2. Make sure the Keyword Blacklist test is enabled (Configuration / Tests / Tests)
3. Expand Configuration / Filtering - On Arrival / Keyword Blacklist in the left navigation tree
4. Click New
5. On the Filter Properties tab, set the Search scope radio button to "Raw MIME"
6. Add a comment text, so you can identify the filter later, e.g. "3 hyphens in the From: address"
7. On the Filter Expression tab, add the following expression:

.*^From:[^\r\n]*\b\<?[^\r\n]*-{3}[^\r\n]*@[^\r\n]*>?\s?$

8. Set the Expression type to "Regular expression (Perl-compatible)"
9. Click OK, and press Ctrl + S to save the configuration.

It is not possible to compare the MIME From:, Reply-To: and Return-Path: email addresses and blacklist the email if these do not match using a regular expression, but it would not be recommended anyway, as it is absolutely legal using different addresses in these fields, so you'd block many legitimate emails as well.