On 31 Mar, Kim Scarborough wrote:
| > I'm not knowledgeable about this, but that last bit doesn't quite make
| > sense to me... if spam is coming through your backup server, why do
| > you want to trust your backup server? Don't you really mean check the IP
| > of the server your backup server got the message from?
|
| I may have phrased it badly. My script is currently checking the IP address of
| my backup MX server over and over again. I *want* it to check the IP of the
| server my backup MX got the mail from.
|
| > Perhaps it would help if you post your recipe or some pseudocode of
| > what you're trying to do, along with sample message headers... that
| > recipe by itself doesn't look bad, but perhaps the CHECK variable
| > doesn't contain the Received header you're looking for, ie you need to
| > check the second or third Received header instead.
|
| I've posted the entire script here: <http://www.unknown.nu/temp/spamblock.rc>.
| It's basically a stripped-down copy of spambouncer which I've reworked to make
| behave more like how I want. Scroll down to "# Get the IP" which is where the
| RBL stuff starts.

If I understand correctly, when mail is delivered through the primary
MX, you get the IP of the remote machine from the topmost Received:
header. If the message is delivered to the secondary MX, that IP is
in the second (from the top) Received: header. Presumably, that's
because the secondary MX queues the mail for eventual delivery to the
primary, so that the topmost Received: header reports 2nd MX -> 1st MX
handoff.

If that's correct, then you need to ignore the topmost Received: header
and grab the ip from the second one, but your regular expression always
matches the first. You either need to come up with a regular expression
that doesn't match Received: 2MX -> 1MX or, probably easier, use 2
conditions - one scored. Pseudo-code only since I don't have an example
of the headers in question.
You have:

:0
* ()\/Received: from.*

and want something like:

:0
* 1^1 ^\/Received:.*
* ! MATCH ?? ()\<mx1hostname.domain.tld\>.*\<mx2hostname.domain.tld\>

N.B. the "reverse" order of mx hosts above, because Received headers
don't report mx to -> mx, but mx <- from mx.

The scoring with non-zero exponent part will cause procmail to continue
looking at Received: headers until it finds one that doesn't match
the second condition. If I haven't exactly understood, some variation
on this is probably still what you want, assuming the Received: header
you need to ignore is predictable (matchable by a regular expression),
and that the first Received: that does not match the regular expression
is always the one you want.
--
Email address in From: header is valid * but only for a couple of days *
This is my reluctant response to spammers' unrelenting address harvesting
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
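
The header walk discussed in this thread, as an added Python example that is not part of the original post or of spamblock.rc: it skips Received: headers recording a handoff from the backup MX and returns the first address from outside, which is the one to check against the RBL. The host names, addresses, the Postfix-style header layout and the function names are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Assumption: address of our own backup MX (documentation-range value).
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.25/32")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample: mail accepted by the backup MX, then relayed to the primary.
SAMPLE_VIA_BACKUP = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.25])
\tby mx1.example.net (Postfix) with ESMTP id AAAA1
\tfor <user@example.net>; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.sender.example (unknown [203.0.113.77])
\tby mx2.example.net (Postfix) with ESMTP id BBBB2
\tfor <user@example.net>; Mon, 1 Jan 2024 09:58:41 +0000
From: someone@sender.example
Subject: constructed sample

body
"""

def connecting_ip(received):
    """Return the peer IP recorded in the 'from' clause of one Received: value."""
    from_clause = re.split(r"\sby\s", received.strip(), maxsplit=1)[0]
    if not from_clause.startswith("from"):
        return None
    # Assumption: Postfix/sendmail layout "from HELO (rdns [ip])"; the last
    # bracketed address is the one the server saw, not the HELO the peer sent.
    found = BRACKETED_IP.findall(from_clause)
    try:
        return ipaddress.ip_address(found[-1]) if found else None
    except ValueError:
        return None

def first_external_ip(raw_message, trusted=TRUSTED_RELAYS):
    """Walk Received: headers top-down, skipping handoffs from our own relays."""
    msg = email.message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        ip = connecting_ip(received)
        if ip is None:
            return None  # unparseable hop: do not trust anything below it
        if any(ip in net for net in trusted):
            continue     # backup MX -> primary MX handoff, look one header down
        return ip        # first hop from outside: the address to check against the RBL
    return None

if __name__ == "__main__":
    print(first_external_ip(SAMPLE_VIA_BACKUP))
```

Only the headers written by your own servers are reliable, so the walk stops at the first hop that did not come from a trusted relay and ignores everything below it.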