thanks for your input
First, I define a LOCAL_REGEXP (Your Mileage WILL Vary) that will
recognize all possible IP patterns that are "Local" to your mail
servers, (this just recognized 64.65.64.0/18 right now, which works for
my purposes, but will almost certainly NOT work for yours) RFC-1918
space is addressed later:
LOCAL_REGEXP="64\.65\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))"
Then ...
-----
PREFIX='^'
INSERT='Received:.*\(.*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\)(.*^)+'
# The main Magick Moste Evile happens here.
INCLUDERC=$SPAMMO_DIR/recursive.rc
:0
* XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
  # Reverse the octets.
  :0
  * XINPUT ?? ()\/[0-9]+
  { QUAD1=$MATCH }
  :0
  * XINPUT ?? ()[0-9]+\.\/[0-9]+
  { QUAD2=$MATCH }
  :0
  * XINPUT ?? ()[0-9]+\.[0-9]+\.\/[0-9]+
  { QUAD3=$MATCH }
  :0
  * XINPUT ?? ()[0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
  { QUAD4=$MATCH }
  REVERSED="$QUAD4.$QUAD3.$QUAD2.$QUAD1"
  # http://spamcop.net
  NSLOOKUP=`host ${REVERSED}.bl.spamcop.net 2> /dev/null`
  :0
  * NSLOOKUP ?? 127\.0\.0\.2
  {
    # Do Something Interesting
  }
}
-----
And so on.
Here is a basic version of recursive.rc:
-----
:0
* $ ${PREFIX}Received:.*\(.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
  # we have an IP address. Save it in a temporary variable.
  THEHOST=$MATCH
  # If it's local, keep looking.
  # Local is defined as:
  # 127.0.0.1, anything in RFC1918-land, and whatever is in LOCAL_REGEXP.
  :0
  * $ THEHOST ?? ^^[ ]*(127\.0\.0\.1|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|${LOCAL_REGEXP})
  {
    PREFIX=$PREFIX$INSERT
    INCLUDERC=$SPAMMO_DIR/recursive.rc
  }
  # otherwise, if XINPUT is NOT already defined,
  # we have a match at this point. Tag it NOW.
  :0 E
  * XINPUT ?? ^^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  {
    DUMMY=""
  }
  :0 E
  {
    XINPUT=$THEHOST
    # Tag it, and trash ALL existing Comments: headers.
    :0 fwh
    | formail -I "Comments: INPUT $XINPUT"
    # Other interesting stuff may happen here, when we KNOW that we have
    # the handoff header.
  }
}
-----
the problem for me is not to identify emails from local host ip
i have something like this and a DNSBL in my sendmail.cf
####
X_LOCAL_IP=123.123.123.123 #:)
:0 #inspired by Dallman's VSNAG
* $ ^Received:[$WS]*from[$WS]+\/[^$WS].+[$WS]by[$WS]
{
  X_RECEIVED=$MATCH
  :0
  * $ MATCH ?? [[]\/$DOTQUAD
  { X_SENDER_IP="$MATCH" }
}
to get the sender ip
and
:0
* $ X_RECEIVED ?? .*\/($HOST|$X_LOCAL_IP)
{
  :0
  * $ X_SENDER_IP ?? !$X_LOCAL_IP
  { ITS_EVIL=$TRUE }
}
to make sure email with my domain name
or my server ip in the Received from
is from my domain all other is evil, so i hope:)
but this is not the point
in a chain of several Received: from header fields
these rules will MATCH on any Received: from
header not only on the top most who comes from my sendmail
so someone is able to get around this if he
puts in the message some header i test for
before the last one got created by receiving the mail.
also counting is not useful for my problem.
every time !target is the action in procmail
a new Received: from is the result
Received: (from filter@localhost)
    by its-h.de (8.13.4/8.13.4) id j6RLPlEH029061
    for filter2; Wed, 27 Jul 2005 23:25:47 +0200 (CEST)
    (envelope-from filter)
Received: (from mhaeker@localhost)
    by its-h.de (8.13.4/8.13.4) id j6RLPlBh029057
    for filter; Wed, 27 Jul 2005 23:25:47 +0200 (CEST)
    (envelope-from mhaeker)
to recognise local loops i use
:0
* $ ^Received:[$WS]*[^$WS]from[$WS]\/[^$WS]*
* $ MATCH ?? [\@]\/.*[^\)]
* $ MATCH ?? localhost
{ X_IS_LOCAL=$TRUE }
but there is the same problem
if there are some more Received: (from anyword@localhost)
already contained in the email i have a MATCH
so again my question
how to make sure to only test the top most fresh
from my sendmail created Received: from
or any other to make sure my host know / don't know this email ?
i thought about putting the message id in a file and grep it to control
or .........??????
tia
Matthias
*************
maybe sometimes i am fighting against Windmill
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
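
The check asked about in the message above, as an added example that is not part of the original post or of procmail: walk the Received: headers from the top, accept only headers stamped by your own MTA, and stop at the first non-local address, since every header below that point was supplied by the sender. The host name mx.example.org, the addresses, the queue ids and the sample message are constructed, and "local" is assumed to mean loopback plus RFC 1918 space.

```python
import email
import ipaddress
import re

# Constructed sample: two local re-injections stamped by our own MTA on top,
# the real network handoff third, and sender-supplied (forged) headers below.
SAMPLE = """\
Received: (from filter@localhost)
\tby mx.example.org (8.13.4/8.13.4) id AAA0001 for filter2
Received: (from user@localhost)
\tby mx.example.org (8.13.4/8.13.4) id AAA0002 for filter
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.example.org (8.13.4/8.13.4) with ESMTP id AAA0003
Received: (from root@localhost)
\tby mx.example.org (8.13.4/8.13.4) id FORGED01
Received: from mx.example.org (mx.example.org [127.0.0.1])
\tby relay.sender.example with SMTP id FORGED02
Subject: constructed test message

body
"""

LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")

def find_handoff(raw, my_host):
    """Walk Received: headers top-down and stop at the first non-local hop.

    Returns ("handoff", ip), ("local", None) or ("untrusted", None).
    """
    for header in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(header.split())          # unfold continuation lines
        by = BY_HOST.search(flat)
        if by is None or by.group(1).lower() != my_host.lower():
            return ("untrusted", None)           # not stamped by our MTA
        found = BRACKET_IP.search(flat)
        if found is None:
            continue                             # local submission, look further down
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            return ("untrusted", None)           # malformed address
        if any(ip in net for net in LOCAL_NETS):
            continue                             # local relay hop, look further down
        return ("handoff", str(ip))              # everything below is sender-supplied
    return ("local", None)

if __name__ == "__main__":
    print(find_handoff(SAMPLE, "mx.example.org"))
```

The forged `(from root@localhost)` header in the sample is never inspected, because the walk ends at the handoff header above it.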