From: Dallman Ross <dman(_at_)nomotek(_dot_)com>
To: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: Procmail vs perl script syntax
Date: Tue, 15 Aug 2006 15:06:13 +0200
On Tue, Aug 15, 2006 at 01:02:38PM +0200, Ruud H.G. van Tol wrote:
> Jack Stone wrote:
>
> > I am trying to use a procmail recipe that first runs a perl script
> > to get the "remote IP" of a message, but I have a syntax error in
> > the perl script. Got the script from SORBS.
>
> This is not a Perl list, and the script is a mess anyway, so best
> replace it by a pure procmail recipe, which can be as simple as:
>
> REMOTEIP = '127.0.0.1'
> :0
> * ^Received: from [^[]+\[\/[0-9.]+]\).*by mxhost[0-9]+\.myisp\.tld[ ]
> * MATCH ?? ^^\/[0-9.]+
> { REMOTEIP = $MATCH }
>
> (you need to adjust the "mxhost451.myisp.tld" part)

Or, if the Jack Stone who started this thread is the same Jack Stone
who has in the past made himself known to me via my Virus Snaggers(tm)
project (or even if he isn't); once vsnag has run, it contains a var
called $H_BTM_HOST that has what vsnag thinks is the bottommost host
in the Received chain. E.g., from his message, vsnag says:

3:01pm [~/Mail] 237[0]> vsnag.point-n-shoot.sh antennex | grep H_BTM_HOST:
* H_BTM_HOST: 65.54.161.200

And that IP address belongs to Microsoft, which makes sense, because
Mr. Stone used a hotmail address to write the list.

I haven't revisited the vsnag code in over a year. But it's still stopping
most every virus I get, and finding cruft that clamscan doesn't stop
because it contains, e.g., a corrupted zip file. (The corrupted zip
won't endanger your PC, but it's still annoying to have the email
land in one's inbox. Vsnag stops them fine.)

http://vsnag.spamless.us/

IOW, run vsnag if you want, and then afterward write a recipe of your own
to do whatever you want with what you find in $H_BTM_HOST.

Dallman

Hello Dallman & glad to hear from you again & I enjoyed your Vsnag work.

I have since for many months now been using Clamav and found it to be very
thorough in catching viruses. It updates the virus list every 15 mins --
when I started using it, the list was about 40k+ and note now it exceeds 60k
in just a few months.

Your Vsnag is very good indeed, but the only "snag" problem I kept getting
was some FP attachments which I get from a lot of my Tech writers. I just
couldn't solve that issue -- probably my fault as one can see I am
script-challenged.

With this new issue, I just started using SORBS at the sendmail level for a
couple of their zones, but wanted to use another zone in Procmail to catch
some that might need reviewing as opposed to a fat reject as the others do
at the sendmail level.

I'm amazed too at how bad this SORBS recipe/perl script is and I found
myself far too deep into it before giving up.

I will look at your suggestions and see what I can do further with this idea
of using Procmail to check against a target zone at dnsbl.sorbs.net.

Thanks to everyone for the help on this.

This is the procmail recipe I need to recook to first obtain the real sender
IP and then check it against the SORBS zone. Obviously, I need to call
something other than the bad script to get the "originating IP."

---------------------------------------------------------------------------------
# First, get the originating IP using the origip.pl script
TCPREMOTEIP=`origip.pl || echo 127.0.0.1`

:0
* ! ? if [ -n "$TCPREMOTEIP" ]; then rblcheck -q -s dnsbl.sorbs.net "$TCPREMOTEIP"; fi
{
    :0 fhw
    | formail -A "X-Suspected-Spam: RBL - BLOCKED - dnsbl.sorbs.net"

    :0:
    $REVIEWBOX
}
---------------------------------------------------------------------------------

All the best,
Jack
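
Added example, not part of the thread and not SORBS or vsnag code: a shell stand-in for origip.pl that trusts only the Received header stamped by your own MX, plus the reversed-octet name a DNSBL client looks up for that address. The names origip.sh, MX_RE, origip, dnsbl_name and sample_msg are assumptions, the MX pattern is the placeholder from the recipe quoted above, and the sendmail-style "(name [ip])" Received format is assumed.

```sh
#!/bin/sh
# Added example. MX_RE (assumption) is an ERE for the name your own MX
# writes after "by" in the Received header it stamps.
MX_RE=${MX_RE:-'mxhost[0-9]+\.myisp\.tld'}

# origip: read a message on stdin, print the bracketed IPv4 from the
# topmost Received header written by our MX. Headers below it came from
# the sender and are ignored. Exit 1 when nothing is found.
origip() {
    MX_RE=$MX_RE awk '
        function ip_of(h) {
            if (h ~ /^Received:/ && h ~ ("by " ENVIRON["MX_RE"] "[ \t]") &&
                match(h, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\)/))
                return substr(h, RSTART + 1, RLENGTH - 3)
            return ""
        }
        /^$/     { exit }                     # blank line ends the headers
        /^[ \t]/ { hdr = hdr " " $0; next }   # unfold continuation lines
                 { if (ip == "") ip = ip_of(hdr); hdr = $0 }
        END      { if (ip == "") ip = ip_of(hdr)
                   if (ip == "") exit 1
                   print ip }'
}

# dnsbl_name IP [ZONE]: print the name a DNSBL client looks up (octets
# reversed, zone appended). Exit 1 on anything that is not dotted-quad.
dnsbl_name() {
    printf '%s\n' "$1" | awk -F. -v z="${2:-dnsbl.sorbs.net}" '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
          print $4 "." $3 "." $2 "." $1 "." z }'
}

# Constructed sample: the second Received header is forged by the sender.
sample_msg() {
    cat <<'EOF'
Received: from mail.example.net (mail.example.net [192.0.2.25])
    by mxhost451.myisp.tld (8.13.6/8.13.6) with ESMTP id k7FD0001
Received: from bank.example (bank.example [198.51.100.7])
    by mxhost451.myisp.tld with ESMTP id forged
Subject: constructed test message

body
EOF
}

# Saved as origip.sh, this reads the message procmail pipes to it.
if [ "${0##*/}" = origip.sh ]; then origip; fi
```

Saved as origip.sh, it slots into the recipe above as TCPREMOTEIP=`origip.sh || echo 127.0.0.1`, keeping the same fallback when no header from the MX is found.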