procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

formail recipe question

2007-02-24 21:34:03
from [Chris] [Permanent Link] 
Earthlink has added something to their headers around the middle of this month 
which is messing up the way a script I run to report spam to NANAS works. 
Here is an example of how a header used to look:

Return-Path: <harley-request(_at_)the-hed(_dot_)net>
 Received: from pop.earthlink.net [209.86.93.211]
        by localhost with POP3 (fetchmail-6.2.5)
        for cpollock(_at_)localhost (single-drop); Sun, 18 Feb 2007 12:31:47 
-0600 
(CST)
 Received: from kyoto.hostforweb.net ([205.234.253.9])
        by mx-emperor.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP 
id 1hiQNi5aZ3Nl34l0; Sun, 18 Feb 2007 13:29:52 -0500 (EST)
 Received: from thehed by kyoto.hostforweb.net with local (Exim 4.63)
        (envelope-from <harley-request(_at_)the-hed(_dot_)net>)
        id 1HIqaC-00066i-7C; Sun, 18 Feb 2007 12:16:20 -0600
 From: harley-request(_at_)the-hed(_dot_)net
 To: hogaholics(_at_)the-hed(_dot_)net
 Reply-To: harley(_at_)the-hed(_dot_)net
 Subject: harley digest #2007-54

And here is how it looks now:

Return-Path: <harley-request(_at_)the-hed(_dot_)net>
 Received: from pop.earthlink.net [209.86.93.201]
        by localhost with POP3 (fetchmail-6.2.5)
        for cpollock(_at_)localhost (single-drop); Thu, 22 Feb 2007 09:11:14 
-0600 
(CST)
 Received: from noehlo.host ([127.0.0.1])
        by mx-harris.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 
1hkfAgFm3Nl36v0; Thu, 22 Feb 2007 10:10:12 -0500 (EST)
 Received: from kyoto.hostforweb.net ([205.234.253.9])
        by mx-harris.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP 
id 1hkfAd2fC3Nl36v0; Thu, 22 Feb 2007 10:10:09 -0500 (EST)
 Received: from thehed by kyoto.hostforweb.net with local (Exim 4.63)
        (envelope-from <harley-request(_at_)the-hed(_dot_)net>)
        id 1HKDL2-0004K4-0H; Thu, 22 Feb 2007 06:46:20 -0600
 From: harley-request(_at_)the-hed(_dot_)net
 To: hogaholics(_at_)the-hed(_dot_)net
 Reply-To: harley(_at_)the-hed(_dot_)net
 Subject: harley digest #2007-55

This line has been added:

Received: from noehlo.host ([127.0.0.1])
        by mx-harris.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 
1hkfAgFm3Nl36v0; Thu, 22 Feb 2007 10:10:12 -0500 (EST)

The "from noehlo.host ([127.0.0.1]) is in each and every email. Is there a way 
to write a formail recipe to remove this header line? This is causing message 
headers to be parsed like this by the script:

SA Score:     39.6
Spam IP:      127.0.0.1 (localhost)
Base domain:  
Message ID:   <001501c75423$ae3d25e0$002b7dfc(_at_)S1099490557>
ASN (0):      3561  - CIDR: 0.0.0.0/0
ASN Org (0):  SAVVIS Communications

WHOIS Addrs (IP): abuse(_at_)iana(_dot_)org
ASN Addrs:        security(_at_)savvis(_dot_)net
RFCI WHOIS:   

No usable base domain.
Skipping recursed domains
Ignore addresses: 
Recipients: abuse(_at_)iana(_dot_)org
Recursed recipients: 

Reporting to abuse(_at_)iana(_dot_)org
...with: "Spam report: (127.0.0.1)  vshowcase"

The actual headers of this message showing the actual sender ip is:

Return-Path: <jkbbrand(_at_)nacintl(_dot_)com>
 Received: from pop.earthlink.net [209.86.93.201] 
        by localhost with POP3 (fetchmail-6.2.5) 
        for cpollock(_at_)localhost (single-drop); Mon, 19 Feb 2007 12:45:11 
-0600 
(CST)
 Received: from noehlo.host ([127.0.0.1]) 
        by mx-page.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 
1hjduR1tI3Nl36M0; Mon, 19 Feb 2007 13:44:21 -0500 (EST)
 Received: from static1-66-244-78-57.stfd.smithvilledsl.net ([66.244.78.57]) 
        by mx-page.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 
1hjduP1Sz3Nl36M0; Mon, 19 Feb 2007 13:44:19 -0500 (EST)
 Received: (qmail 42377 invoked from network); Mon, 19 Feb 2007 12:44:22 -0600
 Received: from unknown (HELO S1099490557) 
(jkbbrand(_at_)nacintl(_dot_)com@153.2.198.104) 
 by 394ef442nacintl.com with SMTP; Mon, 19 Feb 2007 12:44:22 -0600
 Message-ID: <001501c75423$ae3d25e0$002b7dfc(_at_)S1099490557>
 From: heart of <jkbbrand(_at_)nacintl(_dot_)com>
 To: cpohlman(_at_)earthlink(_dot_)net
 Subject: vshowcase
 Date: Mon, 19 Feb 2007 12:44:22 -0600
 MIME-Version: 1.0
 Content-Type: text/plain; 
        format=flowed; 
        charset="koi8-r"; 
        reply-type=original
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2900.4682
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2963
 X-ELNK-Received-Info: spv=1;
 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
 X-SenderIP: 66.244.78.57
 X-ASN: ASN-11550
 X-CIDR: 66.244.64.0/18

-- 
Chris
KeyID 0xE372A7DA98E6705C

Attachment: pgpRfxZWW1z5X.pgp
Description: PGP signature

____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Lookup inside a procmail script, Professional Software Engineering
Next by Date:  Re: formail recipe question, Michael J Wise
Previous by Thread:  CC: results in extra copy of message when forwarding, Patrick Baldwin
Next by Thread:  Re: formail recipe question, Michael J Wise
Indexes:  [Date] [Thread] [Top] [All Lists]