Re: howto make shure to get the right Received header

On Jul 27, 2005, at 8:59 PM, Matthias Haeker wrote:

> i use
... a variant of Mr. Walt Dnes' original "Six-Pack" code that bases it  
on the IP address inside the []'s.

First, I define a LOCAL_REGEXP (Your Mileage WILL Vary) that will  
recognize all possible IP patterns that are "Local" to your mail  
servers, (this just recognized 64.65.64.0/18 right now, which works for  
my purposes, but will almost certainly NOT work for yours) RFC-1918  
space is addressed later:

        LOCAL_REGEXP="64\.65\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))"

Then ...

-----
        PREFIX='^'
        INSERT='Received:.*\(.*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\)(.*^)+'

        # The main Magick Moste Evile happens here.
        INCLUDERC=$SPAMMO_DIR/recursive.rc

        :0
        * XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
                {
                # Reverse the octets.

                :0
                * XINPUT ?? ()\/[0-9]+
                        { QUAD1=$MATCH }

                :0
                * XINPUT ?? ()[0-9]+\.\/[0-9]+
                        { QUAD2=$MATCH }

                :0
                * XINPUT ?? ()[0-9]+\.[0-9]+\.\/[0-9]+
                        { QUAD3=$MATCH }

                :0
                * XINPUT ?? ()[0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
                        { QUAD4=$MATCH }

                REVERSED="$QUAD4.$QUAD3.$QUAD2.$QUAD1"

        # http://spamcop.net
        NSLOOKUP=`host ${REVERSED}.bl.spamcop.net 2> /dev/null`
                :0
                * NSLOOKUP ?? 127.0.0.2
                        {
                        # Do Something Interesting
                        }
                }
-----

And so on.
Here is a basic version of recursive.rc:

-----
:0
* $ ${PREFIX}Received:.*\(.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
        {
        # we have an IP address. Save it in a temporary variable.
        THEHOST=$MATCH

        # If it's local, keep looking.
        # Local is defined as:
        # 127.0.0.1, anything in RFC1918-land, and whatever is in LOCAL_REGEXP.
        :0
        * $ THEHOST ?? ^^[  
]*(127\.0\.0\.1|10\.|172\.(1[6-9]|2[0-9]|3[0 
-1])\.|192\.168\.|${LOCAL_REGEXP})
                {
                PREFIX=$PREFIX$INSERT
                INCLUDERC=$SPAMMO_DIR/recursive.rc
                }

        # otherwise, if XINPUT is NOT already defined,
        # we have a match at this point. Tag it NOW.
        :0 E
        * XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
                {
                DUMMY=""
                }

        :0 E
                {
                XINPUT=$THEHOST

                # Tag it, and trash ALL existing Comments: headers.
                :0 fwh
                | formail -I "Comments: INPUT $XINPUT"

                # Other interesting stuff may happen here, when we KNOW that we 
have  
the handoff header.
                }
        }
-----

Enjoy.
Oh yeah, at the start, make sure you define the PATH variable to  
include where to find formail, nslookup, etc.

Aloha mai Nai`a!
-- 
"Please have your Internet License             http://kapu.net/~mjwise/
   and Usenet Registration handy..."


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail