Blocking e-mail with special characters in username

Furnish, Trever G TGFurnish at herffjones.com
Thu Dec 7 18:03:25 GMT 2006


Much to my chagrin, I put this header rule in place and was very happy
with the amount of spam it was catching...without realizing for a few
days that it actually matches "<abc at foo.com>" just as well as it matches
"<a'bc at foo.com>". :-(  Lots and lots of false positives.

       From =~ /\<\w[\w']{1,30}\@/

That reads "the character <, followed by a word character, followed by
between 1 and 30 word characters or apostrophes, followed by an
at-sign".  In other words it doesn't need the apostrophe in order to
match.

So thinking myself reasonably proficient in Perl I put in the following
instead:

       From =~ /\<[^'\@]*'[^\@]*\@/

...which my own checking with Perl and with "Regex Coach" (after
removing the perl-specific \ before the @'s) seem to confirm works
correctly.

But that doesn't work in MailScanner+SA3.0. :-(  Still lots and lots of
false positives.

Given the following From header in the message, can someone tell me what
I'm missing?  Anyone see any reason this header should match the second
pattern listed above?

   From: "Aubrey Rosario" <socialismexhalation at aakb.bib.dk>

--
Trever




> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of John Wilcock
> Sent: Friday, December 01, 2006 6:37 AM
> To: MailScanner discussion
> Subject: Re: Blocking e-mail with special characters in username
> 
> emm1 wrote:
> > I have been having alot of e-mails like this one 
> > from=<biographicalparallelism's at acbm.com>. How can I block 
> e-mail that 
> > contain characters like ' in the username/domain field?
> > 
> > Thanks!
> 
> I've been seeing a few of these, but all have scored well 
> over 10 points largely thanks to SARE stocks rules.
> 
> If you want a specific rule, this should catch them:
> 
> header		local_FROM_APOSTROPHE	From =~ 
> /\<\w[\w']{1,30}\@/
> 
> 
> John.
> 
> --
> -- Over 3000 webcams from ski resorts around the world - 
> www.snoweye.com
> -- Translate your technical documents and web pages    - www.tradoc.fr
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 


More information about the MailScanner mailing list