procmail

Re: howto make sure to get the right Received header

2005-07-28 10:39:24

thanks for your input 

First, I define a LOCAL_REGEXP (Your Mileage WILL Vary) that will
recognize all possible IP patterns that are "Local" to your mail
servers, (this just recognized 64.65.64.0/18 right now, which works for
my purposes, but will almost certainly NOT work for yours) RFC-1918
space is addressed later:

      LOCAL_REGEXP="64\.65\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))"
Then ...

-----
      PREFIX='^'
      INSERT='Received:.*\(.*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\)(.*^)+'
# The main Magick Moste Evile happens here.
      INCLUDERC=$SPAMMO_DIR/recursive.rc

      :0
      * XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
              {
              # Reverse the octets.

              :0
              * XINPUT ?? ()\/[0-9]+
                      { QUAD1=$MATCH }

              :0
              * XINPUT ?? ()[0-9]+\.\/[0-9]+
                      { QUAD2=$MATCH }

              :0
              * XINPUT ?? ()[0-9]+\.[0-9]+\.\/[0-9]+
                      { QUAD3=$MATCH }

              :0
              * XINPUT ?? ()[0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
                      { QUAD4=$MATCH }

              REVERSED="$QUAD4.$QUAD3.$QUAD2.$QUAD1"

              # http://spamcop.net
              NSLOOKUP=`host ${REVERSED}.bl.spamcop.net 2> /dev/null`

              :0
              * NSLOOKUP ?? 127.0.0.2
                      {
                      # Do Something Interesting
                      }
              }
-----

And so on.
Here is a basic version of recursive.rc:

-----
:0
* $ ${PREFIX}Received:.*\(.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
      # we have an IP address. Save it in a temporary variable.
      THEHOST=$MATCH

      # If it's local, keep looking.
      # Local is defined as:
      # 127.0.0.1, anything in RFC1918-land, and whatever is in LOCAL_REGEXP.
      :0
      * $ THEHOST ?? ^^[  ]*(127\.0\.0\.1|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|${LOCAL_REGEXP})
              {
              PREFIX=$PREFIX$INSERT
              INCLUDERC=$SPAMMO_DIR/recursive.rc
              }

      # otherwise, if XINPUT is NOT already defined,
      # we have a match at this point. Tag it NOW.
      :0 E
      * XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
              {
              DUMMY=""
              }

      :0 E
              {
              XINPUT=$THEHOST

              # Tag it, and trash ALL existing Comments: headers.
              :0 fwh
              | formail -I "Comments: INPUT $XINPUT"

              # Other interesting stuff may happen here, when we KNOW that we have
              # the handoff header.
              }
      }
-----


the problem for me is not to identify emails from local host ip

i have something like this and a DNSBL in my sendmail.cf



####
X_LOCAL_IP=123.123.123.123 #:)

:0 #inspired by Dallman's VSNAG
* $ ^Received:[$WS]*from[$WS]+\/[^$WS].+[$WS]by[$WS]
{ X_RECEIVED=$MATCH
    :0
     * $ MATCH  ??  [[]\/$DOTQUAD
     { X_SENDER_IP="$MATCH" }
}

to get the sender ip

and


:0 
* $ X_RECEIVED ?? .*\/($HOST|$X_LOCAL_IP)
{ 
  :0
  * $ X_SENDER_IP ?? !$X_LOCAL_IP
  {  ITS_EVIL=$TRUE  } 
}

to make sure email with my domain name
or my server ip in the Received from
is from my domain all other is evil, so i hope:)

but this is not the point

in a chain of several Received: from header fields 
these rules will MATCH on any Received: from  
header, not only on the topmost one which comes from my sendmail

so someone is able to get around this if he 
puts in the message some header i test for 

before the last one got created by receiving the mail.

also counting is not useful for my problem.

every time !target is the action in procmail

a new Received: from is the result

Received: (from filter@localhost)
        by its-h.de (8.13.4/8.13.4) id j6RLPlEH029061
        for filter2; Wed, 27 Jul 2005 23:25:47 +0200 (CEST)
        (envelope-from filter)
Received: (from mhaeker@localhost)
        by its-h.de (8.13.4/8.13.4) id j6RLPlBh029057
        for filter; Wed, 27 Jul 2005 23:25:47 +0200 (CEST)
        (envelope-from mhaeker)

to recognise local loops i use
 
:0
* $ ^Received:[$WS]*[^$WS]from[$WS]\/[^$WS]*
* $ MATCH ?? [\@]\/.*[^\)]
* $ MATCH ?? localhost
{ X_IS_LOCAL=$TRUE }

but there is the same problem

if there are some more Received: (from anyword@localhost)
already contained in the email i have a MATCH

so again my question 
how to make sure to only test the top most fresh 
from my sendmail created Received: from

or any other to make sure my host know / don't know this email ?

i thought about putting the message id in a file and grep it to control
or .........??????

tia

Matthias
*************

maybe sometimes i am fighting against Windmill
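
The top-down walk that the quoted recursive.rc performs, as an added Python example that is not part of the original post: it skips hops in the local ranges and stops at the first external IP, so Received: headers a sender inserted lower down are never consulted. The sample message, the example.net hosts and the function names are constructed; the local ranges copy the post's 127.0.0.1, RFC 1918 space and 64.65.64.0/18.

```python
import email
import ipaddress
import re

# Constructed sample: the top two hops are local, the third is the real
# hand-off, and the last header is forged by the sender to look local.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [10.0.0.5])
\tby mail.example.net; Wed, 27 Jul 2005 23:25:47 +0200
Received: from relay.example.net (relay.example.net [64.65.70.9])
\tby mx2.example.net; Wed, 27 Jul 2005 23:25:46 +0200
Received: from unknown (unknown [198.51.100.23])
\tby relay.example.net; Wed, 27 Jul 2005 23:25:45 +0200
Received: from mail.example.net (mail.example.net [64.65.70.1])
\tby forged.invalid; Wed, 27 Jul 2005 23:20:00 +0200
Subject: test

body
"""

# "Local" as in the post: 127.0.0.1, RFC 1918 space, and LOCAL_REGEXP's /18.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12",
               "192.168.0.0/16", "64.65.64.0/18")]
BRACKETED_IP = re.compile(r"\(.*\[(\d+\.\d+\.\d+\.\d+)\]\)")

def handoff_ip(raw_message):
    """Return the first non-local IP, reading Received: headers top-down."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        m = BRACKETED_IP.search(header)
        if not m:
            continue          # no bracketed IP on this hop; the recipe skips it too
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None       # malformed address: nothing below it can be trusted
        if not any(ip in net for net in LOCAL_NETS):
            return str(ip)    # hand-off header; everything below is sender-supplied
    return None

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Build the reversed-octet lookup name used for the DNSBL query."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```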


