Extracting multiple recipients using procmail

I have a whitelist set up in procmail. It works fine except in
the cases where a spammer includes multiple recipients, one of which
is a valid address for my domain. Does anyone have a procmail recipe
that extracts a list of recipients from the message headers and
ensures that all of them are in a whitelist file?

Thanks,

Patrick

------------------------------------------------------------ ------------
S P Engineering, Inc. | The experts in large scale distributed OO
| systems design and implementation.
pjm@spe.com | (C++, Java, Common Lisp, Jini, CORBA, UML)

Re: Extracting multiple recipients using procmail

Patrick May writes:
> I have a whitelist set up in procmail. It works fine except in
> the cases where a spammer includes multiple recipients, one of which
> is a valid address for my domain. Does anyone have a procmail
> recipe that extracts a list of recipients from the message headers
> and ensures that all of them are in a whitelist file?

Rudely following up to my own post: I shouldn't have used the
term "whitelist", what I have is a list of valid recipients for my
local domain. I would like to catch any email that is not to one of
those recipients, even if a valid recipient is in the list.

Thanks,

Patrick

------------------------------------------------------------ ------------
S P Engineering, Inc. | The experts in large scale distributed OO
| systems design and implementation.
pjm@spe.com | (C++, Java, Common Lisp, Jini, CORBA, UML)

Re: Extracting multiple recipients using procmail

Patrick May wrote:

> Patrick May writes:
>
>> I have a whitelist set up in procmail. It works fine except in
>>the cases where a spammer includes multiple recipients, one of which
>>is a valid address for my domain. Does anyone have a procmail
>>recipe that extracts a list of recipients from the message headers
>>and ensures that all of them are in a whitelist file?
>
>
> Rudely following up to my own post: I shouldn't have used the
> term "whitelist", what I have is a list of valid recipients for my
> local domain. I would like to catch any email that is not to one of
> those recipients, even if a valid recipient is in the list.
>
> Thanks,
>
> Patrick
>
> ------------------------------------------------------------ ------------
> S P Engineering, Inc. | The experts in large scale distributed OO
> | systems design and implementation.
> pjm@spe.com | (C++, Java, Common Lisp, Jini, CORBA, UML)
In short, you can not.

The information present in the header of the message that deals with the
To, Cc or any other field is not authoritative as to whom the message
was really sent.

A message can be sent to a single individual, but the information of the
header portion could list as many or as few individual as one sees
appropriate.

Your only option is to grab all and then either setup a for each item
loop to check on each one, or pass the item to a script that would
validate the email.

Does your mail server in the headers that it adds, received lines etc.
include the addressee information (Delivered-To: or Message to etc.?)
If this information is part of the header, then you could rely on that
information for comparison.

AK