On Saturday September 1 2007 05:06:24 jidanni@jidanni.org wrote:
> If
> header J Delivered-To =~ /.mailing list users\@spamassassin\.apache\.org$/
> doesn't match this mail, but
> header J Delivered-To =~ /mailing list users\@spamassassin\.apache\.org$/
> does, why doesn't
> header J Delivered-To =~ /^mailing list users\@spamassassin\.apache\.org$/
> match? Odd, need to add a /m.


Yes, I just discovered the same recently. The point is that
SpamAssassin joins all mail header fields with the same header name
into one multiline string of header field bodies, so whenever
one uses a ^ or $ in a pattern, one is almost obliged to append
a /m flag, otherwise one risks being at the mercy of malicious senders.

Your example is just such a case. If a sender already provided
a Delivered-To in his mail, and then your MTA or LDA appends
another one, the regexp using a ^ or $ without a /m fails
to match. Depending on the situation, this can be a security risk.

In summary: it is almost always wrong to leave out a /m flag
when ^ or $ anchors are used in 'header' regexps.
This does not apply to other checks, such as 'uri' or 'body'.

Mark
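
The behaviour described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin's own code. It assumes the bodies of same-named header fields reach a 'header' rule as one string with one body per line; `joined_header` is a hypothetical helper and all addresses are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption taken from the reply: every body of a same-named header field
# is handed to the rule as a single string, one body per line.
sub joined_header {
    my @bodies = @_;
    return join('', map { "$_\n" } @bodies);
}

# Constructed sample data.
my $local  = 'list@example.org';      # Delivered-To added by our MTA/LDA
my $forged = 'someone@example.net';   # Delivered-To supplied by the sender

my %cases = (
    'one Delivered-To only'     => joined_header($local),
    'sender-supplied one first' => joined_header($forged, $local),
    'sender-supplied one last'  => joined_header($local, $forged),
);

# The same anchored pattern, without and with the /m flag.
my %rules = (
    'anchored, no /m' => qr/^list\@example\.org$/,
    'anchored, /m'    => qr/^list\@example\.org$/m,
);

for my $case (sort keys %cases) {
    for my $rule (sort keys %rules) {
        # Without /m, ^ and $ anchor to the whole joined string, so any
        # extra Delivered-To line makes the rule silently stop matching.
        my $hit = $cases{$case} =~ $rules{$rule} ? 'match' : 'no match';
        printf "%-27s %-16s %s\n", $case, $rule, $hit;
    }
}
```

When auditing a local ruleset, any 'header' rule containing ^ or $ without /m is worth re-testing against a message that carries a second header of the same name.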