help with regex or ? - ORF Forums

help with regex or ? RSS Back to forum

1

need some help trying to right a regex for sender blacklist...

i would like to blokc any sender email address with three consecutive hypens in the address, like

also, any way to block emails that list too many different email addressess in reply to or from in the various header fields? or at this time to just outright not allow email from yahoo.com or hotmail.com to specify a different domain in reply-to or from address

example:
Received: from [41.138.172.213] by web83915.mail.sp1.yahoo.com via HTTP; Mon,
24 Jan 2011 09:01:58 PST
X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
Date: Mon, 24 Jan 2011 09:01:58 -0800
From: Central Banking Nigeria
Reply-To:
Subject: Released Of Your Funds
To: undisclosed recipients:;
Return-Path:

by Mike Haas 8 years ago
2

@Mike Haas:
If you would like to block SMTP sender addresses with three consecutive hyphens in the username part, you should simply add

.*-{3}.*@.*

to the Sender Blacklist as a regular expression. However, if you want this test to be performed on the MIME From: address only (see the difference between SMTP and MIME sender addresses at http://www.vamsoft.com/faq.asp#whynotsender), follow the steps below:

1. Start the Administration Tool
2. Make sure the Keyword Blacklist test is enabled (Configuration / Tests / Tests)
3. Expand Configuration / Filtering - On Arrival / Keyword Blacklist in the left navigation tree
4. Click New
5. On the Filter Properties tab, set the Search scope radio button to "Raw MIME"
6. Add a comment text, so you can identify the filter later, e.g. "3 hyphens in the From: address"
7. On the Filter Expression tab, add the following expression:

.*^From:[^\r\n]*\b\?\s?$

8. Set the Expression type to "Regular expression (Perl-compatible)"
9. Click OK, and press Ctrl + S to save the configuration.

It is not possible to compare the MIME From:, Reply-To: and Return-Path: email addresses and blacklist the email if these do not match using a regular expression, but it would not be recommended anyway, as it is absolutely legal using different addresses in these fields, so you'd block many legitimate emails as well.

by Krisztian Fekete 8 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2