On Fri, 10 May 2002, Ian C. Sison wrote:
..
> Hey orly!
> Care to share your submission script? Let's get a contest going..!

script below. it's overly commented and ugly. I'm sure the perlmonks can
come up with something more functional, cleaner, nicer, and a better hack
value overall.

this script assumes several things:
---
1) there's an mbox-style folder called "spamfolder" in the CWD
2) you've already submitted to ORDB before so no confirm needed
3) you have GBARR's Mail::Internet and Kevin Johnson's Mail::Folder

bugs:
-----
1) it doesn't get the relay IP right all the time (me too lazy to fix the
   regex)
2) it doesn't check for open relay (lets ORDB do that.. because checking
   a relay yourself can get you sued for theft of service)
3) it can resubmit (that's OK, ORDB knows about resubmits, but we could
   keep track of previous submits in a file or something to lessen their
   work)
4) it's a quickie hack

--- begin script ---
#!/opt/bin/perl
# extract relay IP's from an mbox file containing KNOWN SPAMS

use strict;
use Mail::Internet;
use Mail::Folder::Mbox;

### MAIN PROGRAM STARTS HERE ###

if (! -f "spamfolder") {
    die "Spam folder cannot be found\n";
}

my $folder = new Mail::Folder("mbox");
my $num_msgs = $folder->open("spamfolder");
my $i = 0;
my $j = 0;
my $line;

open (MAIL, "|/usr/sbin/sendmail relays\@ordb.org") or die;
print MAIL "From: orly\@mozcom.com\n\n";

while ($i < $num_msgs) {
    $line = undef;
    my $message = $folder->get_message ($i + 1);
    my $body_ref = $message->body();
    my $head = $message->head();

    # look for a "Received" line
    # the last one belongs to the spammer, but we want the
    # one immediately before our MX (the open relay)
    # cause the spammer is prolly on a dynamic IP
    my @rcvd = $head->get ("Received");
    my $spammer = $rcvd[$#rcvd];

    # start FROM THE BOTTOM!!
    my $count = $#rcvd - 1;
    while ($count >= 0) {
        my $line = $rcvd[$count];
        $line =~ s/\n//g;
        $line =~ s/\s+/ /g;

        # the ifs are to prevent OUR OWN mail relays
        # to be picked up; we're not an open relay, but
        # we don't want to waste ORDB's time..
        if ((
            $line =~ /by homeworld/ ||
            $line =~ /by darkstar/) && !(
            $line =~ /from homeworld/ ||
            $line =~ /from darkstar/)) {
            $spammer = $line;
            last;
        }
        $count--;
    }

    # ok, the interesting part goes
    # format for [EMAIL PROTECTED] grokking
    if ($spammer =~ /(\[\d+\.\d+\.\d+\.\d+\])/) {
        my $ip = $1;
        $ip =~ s/\[|\]//g;
        print MAIL "Relay: $ip\n";
        $j++;
    }
    $i++;
}

close (MAIL);
exit;
--- end script ---
---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
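
An added example, not part of Orlando's post or script: one way to address bugs 1 and 3 from the list above using core Perl only. It goes beyond the posted script by reading the Received headers newest-first and stopping at the first hop our own MX did not stamp, so forged headers lower down are never consulted. The sub names, header lines and addresses are constructed for illustration, and it assumes sendmail/Postfix-style "from HELO (rdns [ip]) by host" headers.

```perl
#!/usr/bin/perl
# Added example (not the poster's script). Hostnames homeworld/darkstar come
# from the post; every header line and address below is a constructed sample.
use strict;
use warnings;

my $own = join '|', map { quotemeta($_) } qw(homeworld darkstar);  # our MX hosts

# Return the IPv4 of the host that handed the mail to our MX, or undef.
# Arguments are the Received headers in header order: newest (ours) first.
sub relay_ip {
    for my $h (@_) {
        (my $line = $h) =~ s/\s+/ /g;               # unfold continuation lines
        # A hop our MX did not stamp is sender-controlled: stop trusting here.
        return undef unless $line =~ /\bby (?:$own)\b/i;
        next if $line =~ /^\s*from (?:$own)\b/i;    # internal hop, keep walking
        my ($from) = $line =~ /^(.*?) by /;         # look only at the "from" clause
        return undef unless defined $from;
        # The last bracketed address is the peer IP the MTA saw; an earlier
        # one can be an address literal the sender chose as its HELO name.
        my @ips = $from =~ /\[(\d{1,3}(?:\.\d{1,3}){3})\]/g;
        return undef unless @ips;
        my $ip = $ips[-1];
        return undef if grep { $_ > 255 } split /\./, $ip;
        return undef if $ip =~ /^(?:10|127)\.|^192\.168\.|^172\.(?:1[6-9]|2\d|3[01])\./;
        return $ip;
    }
    return undef;
}

# Bug 3 in the post: drop addresses already reported. %$seen would be loaded
# from and saved to a state file; it stays in memory here so this runs offline.
sub unseen {
    my ($seen, @ips) = @_;
    return grep { defined($_) && !$seen->{$_}++ } @ips;
}

my @spam = (   # constructed samples, one array of Received headers per message
    [ "from darkstar (darkstar [192.0.2.10]) by homeworld with ESMTP",
      "from [10.1.1.1] (relay.example.net [203.0.113.7])\n\tby darkstar with SMTP",
      "from dialup (ppp [198.51.100.99]) by relay.example.net" ],
    [ "from mx.example.org (mx.example.org [203.0.113.7]) by homeworld with SMTP" ],
    [ "from x (x [198.51.100.20]) by homeworld with SMTP",
      "from y (y [203.0.113.50]) by homeworld with SMTP" ],   # forged lower hop
);
my %seen;
print "Relay: $_\n" for unseen(\%seen, map { relay_ip(@$_) } @spam);
```

Like the posted script, this matches our own relays by short hostname; matching the full hostnames the MX actually writes into its "by" clause is stricter.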