procmail

Re: Procmail vs perl script syntax

2006-08-18 15:34:37

From: Dallman Ross <dman(_at_)nomotek(_dot_)com>
To: procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
Subject: Re: Procmail vs perl script syntax
Date: Tue, 15 Aug 2006 15:06:13 +0200

On Tue, Aug 15, 2006 at 01:02:38PM +0200, Ruud H.G. van Tol wrote:

Jack Stone wrote:

I am trying to use a procmail recipe that first runs a perl script
to get the "remote IP" of a message, but I have a syntax error in
the perl script. Got the script from SORBS.

This is not a Perl list, and the script is a mess anyway, so best
replace it by a pure procmail recipe, which can be as simple as:

   REMOTEIP = '127.0.0.1'
   :0
   * ^Received: from [^[]+\[\/[0-9.]+]\).*by mxhost[0-9]+\.myisp\.tld[ ]
   * MATCH ?? ^^\/[0-9.]+
   { REMOTEIP = $MATCH }

(you need to adjust the "mxhost451.myisp.tld" part)

Or, if the Jack Stone who started this thread is the same Jack Stone
who has in the past made himself known to me via my Virus Snaggers(tm)
project (or even if he isn't); once vsnag has run, it contains a var
called $H_BTM_HOST that has what vsnag thinks is the bottommost host
in the Received chain.  E.g., from his message, vsnag says:

 3:01pm [~/Mail] 237[0]> vsnag.point-n-shoot.sh antennex | grep H_BTM_HOST:
 * H_BTM_HOST:   65.54.161.200

And that IP address belongs to Microsoft, which makes sense, because
Mr. Stone used a hotmail address to write the list.

I haven't revisited the vsnag code in over a year.  But it's still stopping
most every virus I get, and finding cruft that clamscan doesn't stop
because it contains, e.g., a corrupted zip file.  (The corrupted zip
won't endanger your PC, but it's still annoying to have the email
land in one's inbox.  Vsnag stops them fine.)

  http://vsnag.spamless.us/

IOW, run vsnag if you want, and then afterward write a recipe of your own
to do whatever you want with what you find in $H_BTM_HOST.

Dallman


Dallman: Thanks for your suggestion & I reactivated vsnag in order to get 
the IP match I needed. However, I did not find a "H_BTM_HOST". Instead, I 
found a "H_BTM_CLIENT" which does the same thing.

My final working recipe is:
## Test recipe
REMOTEIP = ${H_BTM_CLIENT}
:0
* ^Received: from [^[]+\[\/[0-9.]+]\).*by mail\.sagedata\.net[ ]
* MATCH ?? ^^\/[0-9.]+
{ REMOTEIP = $MATCH }

:0
* ! REMOTEIP ?? ^^(10|127|172\.(1[6-9]|2[0-9]|3[01])|192\.168|169\.254)\.
* ! ? /usr/local/bin/rblcheck -qc -s spam.dnsbl.sorbs.net ${REMOTEIP}
{
    :0 fhw
    | formail -A"X-$HOST-Spam: dnsbl.sorbs.net"
    :0
    $SORBS
}

BTW: I disarmed the ZIP snagger so I won't once again have FPs.

Thanks!
Jack



____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
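
The logic of the final recipe above, restated in Python so it can be checked offline against sample headers. This is an added example, not code from the thread or from vsnag or rblcheck; the function names and the sample message are constructed, and the reversed-octet query name is the standard DNSBL lookup form.

```python
import ipaddress
import re

TRUSTED_MX = "mail.sagedata.net"   # host name taken from the recipe above
ZONE = "spam.dnsbl.sorbs.net"      # zone taken from the recipe above

# Same shape as the recipe's condition: "from helo (rdns [ip]) by <our mx> ".
RECEIVED_RE = re.compile(
    r"^Received: from [^\[\n]+\[([0-9.]+)\]\).*by "
    + re.escape(TRUSTED_MX) + r"[ ]", re.MULTILINE)

# The ranges the recipe refuses to look up (private, loopback, link-local).
SKIP_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

def remote_ip(raw_headers, default="127.0.0.1"):
    """Return the client IP recorded by our own MX, or the default."""
    # procmail matches against unfolded headers, so join continuation lines.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)
    # search() takes the topmost match: headers are prepended in transit,
    # so the first line naming our MX is the one our MX wrote.
    m = RECEIVED_RE.search(unfolded)
    if not m:
        return default
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:          # "[0-9.]+" also matches junk such as "1..2"
        return default

def dnsbl_query(ip, zone=ZONE):
    """Return the DNS name to look up, or None if the IP must be skipped."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or any(addr in net for net in SKIP_NETS):
        return None
    return ".".join(reversed(ip.split("."))) + "." + zone

# Constructed sample message headers (documentation address ranges).
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [203.0.113.45])\n"
    "\tby mail.sagedata.net (Postfix) with ESMTP id CONSTRUCTED1\n"
    "\tfor <user@example.net>; Tue, 15 Aug 2006 15:06:13 +0200\n"
    "Received: from pc (unknown [10.1.2.3])\n"
    "\tby mx.example.org with SMTP; Tue, 15 Aug 2006 15:06:10 +0200\n"
    "Subject: test\n")

if __name__ == "__main__":
    ip = remote_ip(SAMPLE)
    print(ip, dnsbl_query(ip))
```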