I'm trying to block some spammer by filtering some fields in the mail header, but it isn't working. The spammer is adding random domains in the headers, but the "user" is always the same, like this: www-data@domain1.com , www-data@domain2 and so on. I don't expect to have anyone sending legitimate mails with the sender name "www-data", so I'm ok if all of them be discarded.
The regex I'm trying to use but isn't working is:
/^(From|Return-Path|Reply-To):.*www-data@.*/ DISCARD known spam sender in $1: header: $2
I have other rules also filtering other aspects, like forging my own domain, which is working:
/^(From|Return-Path|Reply-To):.*\b(@mydomain\.com)\b/ DISCARD forged sender address in $1: header: $2
What could I be doing wrong? Thanks!