procmail
[Top] [All Lists]

Re: Using Procmail for RBL Blacklists

2003-04-06 17:58:38
Thanks for the help! I'm getting closer to getting this to work. I
substituted this recipe for what I had, so now I'm using this to get the
originating IP:

:0
* 1^1 ^\/Received:.*
* ! MATCH  ?? from astro\.snellfamily\.com.*by jinx\.unknown\.nu
{
        CHECK=${MATCH}
        :0
        *$  CHECK ?? Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
        { CHECKIP=${MATCH} }
}

This solves my original problem of not grabbing astro's IP, but now it's
grabbing the first IP address in the received headers, which is usually
forged. For example, for this message:

Return-Path: <ryr16351k8s(_at_)yahoo(_dot_)com>
X-Original-To: sluggo(_at_)unknown(_dot_)nu
Delivered-To: sluggo(_at_)unknown(_dot_)nu
Received: from astro.snellfamily.com (astro.snellfamily.com
[192.148.252.20])
        by jinx.unknown.nu (Postfix) with ESMTP id 4DE963D
        for <sluggo(_at_)unknown(_dot_)nu>; Sun,  6 Apr 2003 20:23:16 -0400 
(EDT)
Received: from RJ206019.user.veloxzone.com.br
(RJ206019.user.veloxzone.com.br [200.165.206.19])
        by astro.snellfamily.com (Postfix) with SMTP id 987DD30040
        for <sluggo(_at_)unknown(_dot_)nu>; Sun,  6 Apr 2003 20:23:05 -0400 
(EDT)
Received: from go.com (9410 [190.229.217.178])
        by  voila.fr (8.12.1/8.12.1) with ESMTP id 7361
        for <sluggo(_at_)unknown(_dot_)nu>; Sun, 6 Apr 2003 17:16:38 -0700
Received: from go.com ([133.140.97.171])
        by sympatico.ca (8.9.3/8.9.3) with SMTP id 14765
        for <sluggo(_at_)unknown(_dot_)nu>; Sun, 6 Apr 2003 17:16:33 -0700
Message-ID: 
<23511595voxjjrCxqnqrzq1qx(_at_)blackman15(_dot_)freeserve(_dot_)co(_dot_)uk>
From: "dorrie" <ryr16351k8s(_at_)yahoo(_dot_)com>
To: "sluggo(_at_)unknown(_dot_)nu" <sluggo(_at_)unknown(_dot_)nu>
Date: Sun, 6 Apr 2003 17:16:28 -0700
Subject: Hot Girls Gone Bad (AVI-16)   voxjjrCxqnqrzq1qx

The recipe above is grabbing 133.140.97.171, but I want it to get
200.165.206.19. Basically, I want to say "grab the received IP from the
line that says 'received by jinx.unknown.nu', unless that's the IP of
astro.snellfamily.org, in which case grab the IP of the machine that astro
received it from".

Sorry to be such a pest with this. I'm really confused by scoring recipes;
I keep reading the docs hoping for a light to come on, but it hasn't yet.

--
-------------------------------------------------------------------------------
Kim Scarborough                                      http://www.unknown.nu/kim/
-------------------------------------------------------------------------------
"Trying is the first step towards failure."
                                                                - Homer Simpson
-------------------------------------------------------------------------------

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail