On Fri, Dec 15, 2006 at 01:44:01PM -0500, Whit Blauvelt wrote:
> > Has anyone implemented some form of parsing of the received headers to
> > determine who the previous relay was? When is the earliest time that these
> > headers are available? filter_begin? Are these easily accessible through
> > mimedefang's variables or will we need to build some kind of script that
> > will parse the actual mail files?
>
> Here's a way to get ahold of the Received headers. I haven't figured out the
> earliest place it can go in the script. It certainly works if put just above
> the call to SpamAssassin.
>
> $HDRS = $CWD . "/HEADERS";
[...]
You can put this as early as the filter_begin() function, since that's
the first time the message is parsed.
But it's a lot easier than this, since the message has already been
parsed, and put into a MIME::Entity object. You just have to save
the object that is passed to filter_begin, and extract the header
object, and then any header you like from that.
sub filter_begin {
my($entity) = @_;
# ... other code goes here, optionally
my $header_object = $entity->head;
my $first_received = $header_object->get('Received', 0);
### $first_received is actually the first "Received:" header
### that is received from the remote host, so it contains
### the "previous relay".
if ( $RelayHostname eq 'my.backupmx.server.domain.tld' ) {
### extract "previous relay"
if ( $first_received =~ m{
from\s+(\S+) # match HELO name
\s+\( # literal '('
(?: # start optional hostname...
([A-Za-z0-9.-]+\.[a-z]+) # match hostname
\s+
)?
\[ # literal '['
(\d+(?:\.\d+){3}) # match an IP address
\] # literal ']'
(?:\s+\([^)]*\))? # optional "(may be forged)"
\s*\) # literal ')'
}x ) {
$previousHelo = $1;
$previousRelayHostname = $2;
$previousRelayAddr = $3;
}
}
### get last received header
my $last_received = $header_object->get('Received', -1);
...
Note: the above code is untested. The regular expression matches
a sendmail-style Received line:
Received: from HELO (reverse.dns [i.p.ad.dr] (may be forged))
Have fun,
--
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
