spf-discuss

Re: procmail

2004-01-29 14:03:25
On Thu, Jan 29, 2004 at 01:37:59PM -0500, 
mengwong(_at_)dumbo(_dot_)pobox(_dot_)com wrote:

| | Can one of the perl gurus knock up a filter that we can put into user 
| | .procmailrc files and so on that adds Received-SPF lines? I'll make a 
| | separate post on my version of this in a moment.

| The challenge is picking out the correct IP.  Maybe the author of
| SpamBouncer can help.

I can help with a Procmail script.  It's been a few years since I've
used perl much, and I never used it for this kind of thing, so I'm
sure there are a dozen people on this email list who could do a better
job than I could in a tenth the time.

As things stand, I'm in the middle of a "from the ground up" rewrite 
of the SpamBouncer's header parsing code in preparation for the 
SpamBouncer 2.0 release.  What I have right now is working fairly
well, although I'm still debugging it.   It does, however, reliably
identify and extract the first external IP from the proper "Received:
from" header already.

What the script will do is parse all headers in an incoming email,
extract the following information, and assign each to the designated
variable.  You'll then be able to use those variables to do all kinds
of stuff later.  (I use them to do lookups on RDNSBLs, will use them
for SPF lookups, and quite a lot else.)

Variable Name               Variable Content
----------------------------------------------------------------------
FIRSTEXIP                   First External Received: IP
FIRSTEXHOST                 First External Received Host (rDNS verified)
FIRSTEXHELO                 Helo from First External "Received: from" header
FIRSTEXTOHOST               "by" Host from First External "Received: from"
                             header

The following information is also generated from what is extracted
above:

FIRSTEXDOMAIN               Domain extracted from FIRSTEXHOST
FIRSTEXHELODOMAIN           Domain extracted from FIRSTEXHELO, if one
FIRSTEXTODOMAIN             Domain extracted from FIRSTEXTOHOST
FIRSTEXHOSTIP               IP of FIRSTEXHOST

In addition, the following variables contain the "reversed" IPs 
generated from the IPs above, for lookups on rDNS(B|W)Ls:

FIRSTEXREVIP
FIRSTEXHOSTREVIP

Corresponding variables are provided for the second, third, and 
fourth external "Received: from" headers, assuming an email has that 
many headers with unforged and non-local/non-ICANN-nonroutable IPs.

If anyone wants a set of Procmail scripts that they can drop into 
their Procmail scripts directory and then reference to get this
information, email me and I'll happily send you my alpha code,
and updates when available.  (I was already planning to release
this code as a standalone drop-in when it was finished, for those
who prefer to homebrew their own Procmail stuff.)

Now, what I *really* need to do is figure out how to call "host" to 
do a "TXT" record lookup, and then figure out how to parse it in 
Procmail....  Should be simple, but if anyone has already figured 
this out, let me know.


-- 
Catherine Hampton <ariel(_at_)spambouncer(_dot_)org>
The SpamBouncer         *     <http://www.spambouncer.org/>
Personal Home Page      *         <http://www.devsite.org/>

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
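The first-external-hop extraction described in the message above, as an added example (not SpamBouncer code and not part of the original post). It assumes Sendmail/Postfix-style "from HELO (rdns [ip]) by host" stamps, IPv4 only, a fixed list of local ranges, and does no rDNS verification, so FIRSTEXHOST is not produced.

```python
import ipaddress
import re
from email import message_from_string

# Assumed Sendmail/Postfix-style stamp: "from HELO (rdns [ip]) by host ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^\[\]()]*\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)")

# Assumed "local" ranges to skip: loopback, RFC 1918, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16")]

def first_external(raw_message):
    """Return FIRSTEX* values for the newest hop whose source IP is not local."""
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):  # headers arrive newest first
        m = RECEIVED_RE.match(hdr.strip())
        if not m:
            continue  # unparseable stamp: skip rather than guess
        try:
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ValueError:
            continue  # malformed address such as "999.1.1.1"
        if any(ip in net for net in LOCAL_NETS):
            continue  # internal relay hop, keep walking down
        return {
            "FIRSTEXIP": str(ip),
            "FIRSTEXHELO": m.group("helo"),
            "FIRSTEXTOHOST": m.group("by"),
            # Octets reversed for DNSBL-style queries.
            "FIRSTEXREVIP": ".".join(reversed(str(ip).split("."))),
        }
    return None

# Constructed sample: one internal hop, one external hop, one older line
# that was written by the sending side and is never reached.
SAMPLE = """\
Received: from mx1.internal.example (mx1.internal.example [10.0.0.5])
 by mailstore.internal.example with ESMTP; Thu, 29 Jan 2004 14:03:20 -0500
Received: from mail.sender.example (out.sender.example [192.0.2.10])
 by mx1.internal.example with ESMTP; Thu, 29 Jan 2004 14:03:18 -0500
Received: from forged.example (forged.example [203.0.113.7])
 by mail.sender.example with SMTP; Thu, 29 Jan 2004 14:03:10 -0500
From: sender@sender.example
Subject: constructed test message

body
"""
```

Walking from the newest header down means the returned IP comes from a stamp written by the receiving side's own relay; anything below that hop was supplied by the sender and is not consulted.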