Hello :)
I've got a relay scanner script that I'm using on the domains that I
administrate.
The relay scanner sends a message (using a perl script) that contains a
custom header:
$Mssg_header = <<"EOF";
To: $RcptTo_addr
From: $MailFrom_addr
Subject: Road Runner test for susceptibility to third-party mail relay [Region]
Date: $adate
Message-Id: <rlytest-$now-$$\@$Hostname>
Sender: $Actual_sender
X-Road-Runner-Relay-Token: $Target_host
EOF
Now, along with this, whenever a host fails, we create a file called
$Target_host.FAIL, detailing exactly where the relay test failed.
What I'd like to do is filter on the header "X-Road-Runner-Relay-Token" if
the message gets back to us (it shouldn't, but if it does, it's a bad thing).
Then, I'd like to send a message to postmaster(_at_)$Target_host,
administrator(_at_)$Target_host, and root(_at_)$Target_host with a message along the
lines of:
[...]
On $adate, your mail server at $Target_host failed a test for Third Party
Relay.
[...]
So, I know that I have to define both $Target_host and $adate based on the
headers as they arrive in the received message. Here's what one looks like
when it comes back to us:
---begin---
To: relaytest(_at_)rr(_dot_)com
From: relaytest(_at_)rr(_dot_)com
Subject: Road Runner test for susceptibility to third-party mail relay
[Region]
Date: Mon, 17 Jan 2000 08:55:48 GMT
Message-Id: <rlytest-948099348-20358(_at_)hrnva-sec01(_dot_)rr(_dot_)com>
Sender: markh(_at_)hrnva-sec01(_dot_)rr(_dot_)com
X-Envelope: <openrelaytest(_at_)localhost> -> <relaytest(_at_)rr(_dot_)com>
X-Road-Runner-Relay-Token: xx.xxx.xx.xxx
This is a test of third-party mail relay.
Target host = xx.xxx.xx.xxx 4273277
Test performed by <markh(_at_)hrnva-sec01(_dot_)rr(_dot_)com>
---end---
So now I have a bunch of variables, and an incoming message, and a message
that has to be sent out.
So.
When the above message comes in, I want to do the following:
1. Strip out the Date header, turn it into $date
2. Strip out the X-Road-Runner-Relay-Token header, turn it into $Target_host
3. Based on $Target_host, construct a new message to send out:
To: postmaster(_at_)$Target_host, root(_at_)$Target_host,
administrator(_at_)$Target_host
From: relaytest(_at_)rr(_dot_)com
Date: Current Date (not $adate)
Subject: $Target_host has failed a Mail Relay Test...
On $adate, your mail server at $Target_host failed a test for Third Party
Relay.
cat why_relay_is_bad.txt
cat $Target_host.FAIL
Send the message.
And I'm *very* lost, so any help is greatly appreciated. :)
Mark
W. Mark Herrick, Jr. <markh(_at_)va(_dot_)rr(_dot_)com>
Senior Security Administrator
Team Lead - Usenet Operations
Road Runner Security - 703.345.2477
<abuse(_at_)rr(_dot_)com><security(_at_)rr(_dot_)com><fraud(_at_)rr(_dot_)com>
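
The three steps listed in the message above, as an added Perl example that is not code from the original post: it parses the returned message, pulls out the Date and X-Road-Runner-Relay-Token headers, and builds the notice. The sub names, the constructed sample message and its 192.0.2.25 token are assumptions, as is the rule that the token must be a plain IPv4 address, which is applied because the value comes from inbound mail and ends up in recipient addresses and a file name.

```perl
use strict;
use warnings;
use POSIX qw(strftime);

# Constructed sample of a returned test message (192.0.2.25 is a documentation address).
my $incoming = <<'EOF';
Subject: Road Runner test for susceptibility to third-party mail relay
 [Region]
Date: Mon, 17 Jan 2000 08:55:48 GMT
X-Road-Runner-Relay-Token: 192.0.2.25

This is a test of third-party mail relay.
EOF

# Steps 1 and 2: parse the header block into a hash, unfolding continuation lines.
sub parse_headers {
    my ($msg) = @_;
    my ($head) = split /\r?\n\r?\n/, $msg, 2;   # headers end at the first blank line
    $head =~ s/\r?\n[ \t]+/ /g;                 # join folded header lines
    my %h;
    for (split /\r?\n/, $head) { $h{lc $1} = $2 if /^([^\s:]+):\s*(.*?)\s*$/ }
    return \%h;
}

# Return a file's contents, or a marker line when the file is absent.
sub slurp {
    open my $fh, '<', $_[0] or return "[$_[0] not found]\n";
    local $/;
    return scalar <$fh>;
}

# Step 3: build the outgoing notice; undef means the token was rejected.
sub build_notice {
    my ($h) = @_;
    my $host  = $h->{'x-road-runner-relay-token'} // '';
    my $adate = $h->{'date'} // 'an unknown date';
    # Untrusted input: accept a dotted quad only, so it cannot carry extra
    # recipients, header lines or path components into what follows.
    return undef unless $host =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;
    return undef if grep { $_ > 255 } split /\./, $host;
    my $now = strftime('%a, %d %b %Y %H:%M:%S GMT', gmtime);
    return "To: postmaster\@$host, root\@$host, administrator\@$host\n"
         . "From: relaytest\@rr.com\nDate: $now\n"
         . "Subject: $host has failed a Mail Relay Test\n\n"
         . "On $adate, your mail server at $host failed a test for Third Party Relay.\n\n"
         . slurp('why_relay_is_bad.txt') . slurp("$host.FAIL");
}

my $notice = build_notice(parse_headers($incoming));
print defined $notice ? $notice : "Rejected: token is not a valid IPv4 address\n";
```

The block prints the notice instead of sending it, and it keeps the address form used in the post. With a bare IP address as the token, SMTP expects the recipient domain as a bracketed address literal such as postmaster@[192.0.2.25].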