would work but simpler would be something like:
all {
-9 nntp-posting-host: scott.net
}
Would zap anything posted from here.
Also consider the path, message-id, organization and from line.
While path is frequently forged, sometimes there is useful information as
is the from line (bye mailloop) and organization (bye copycat).
> -1 pattern header ^Received: .*123.4.567* (where 123.4.567* is a netblock)
This would be more useful in a yarn mail filter or procmail filter.
However, use the first three digits, as in
all {
header 204.181.147
}
Which again would zap anything posted from here thru the open port at
uu.net (which appends the IP number of the site that feeds the article in
the path line). By using header, you can also check the nntp-posting-host
line etc.
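
The two rule styles from the post, applied to a constructed article (an added example, not part of the original post and not the newsreader's own code). The rule semantics are assumptions: a named field is matched as a case-insensitive literal substring, "header" means any header line, and a rule with no score gets DEFAULT_SCORE.

```python
import re
from email import message_from_string

DEFAULT_SCORE = -9  # assumption: a rule written without a score counts as a kill

# [score] field[:] substring
RULE_RE = re.compile(r"^(?:(-?\d+)\s+)?([\w-]+):?\s+(.+)$")

# Rules in the style shown in the post.
RULES = """\
all {
-9 nntp-posting-host: scott.net
header 204.181.147
}
"""

# Constructed sample article; every host and address here is made up.
SAMPLE = """\
Path: news.example.org!uunet!204.181.147.9!not-for-mail
From: someone@example.com
Subject: test
NNTP-Posting-Host: dialup12.scott.net
Message-ID: <abc123@example.com>

body
"""

def parse_rules(text):
    """Return a list of (score, field, needle) tuples, all lower-cased."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.endswith("{") or line == "}":
            continue  # skip the group braces
        m = RULE_RE.match(line)
        if m:
            score = int(m.group(1)) if m.group(1) else DEFAULT_SCORE
            rules.append((score, m.group(2).lower(), m.group(3).lower()))
    return rules

def score_article(raw, rules):
    """Sum the scores of every rule that matches; also return which rules hit."""
    msg = message_from_string(raw)
    total, hits = 0, []
    for score, field, needle in rules:
        if field == "header":  # search every header line, name included
            values = [f"{k}: {v}" for k, v in msg.items()]
        else:                  # search only the named header
            values = msg.get_all(field) or []
        # Literal substring test, so the dots in an IP prefix are not wildcards.
        if any(needle in v.lower() for v in values):
            total += score
            hits.append((field, needle))
    return total, hits
```
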