Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/03/01 18:37:49 UTC

Re: another request for RECEIVED[x] array

Hi Eric --

actually, there is such a thing in SpamAssassin 3.0.x ;)  e.g.:

  header HELO_DYNAMIC_HCC   X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*\d+[^\d\s]+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i

it doesn't extract *everything*, but does cover quite a lot; rDNS, HELO,
IP, "received by" hostname, ident, envelope-from, whether the host was in
internal_networks, the SMTP ID string used in the Received line, and
whether signs of authentication were present.

You can see it in -D output:

debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted: [ ip=199.172.62.20 rdns=europe.std.com helo=europe.std.com by=mail.netnoteinc.com ident= envfrom= intl=0 id=392E1114061 auth= ] [ ip=199.172.62.134 rdns=sgi04-e.std.com helo=sgi04-e.std.com by=europe.std.com ident= envfrom= intl=0 id=RAA08749 auth= ] [ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8278330 auth= ] [ ip=199.172.62.134 rdns=sgi04-e.std.com helo=sgi04-e.std.com by=europe.std.com ident= envfrom= intl=0 id=RAA07541 auth= ] [ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8416421 auth= ] [ ip=208.192.102.199 rdns=ppp0c199.std.com helo=!208.192.102.193! by=world.std.com ident= envfrom= intl=0 id=RAA14226 auth= ]

or change your config to use the _RELAYSTRUSTED_ and _RELAYSUNTRUSTED_
tag items in a header, to get them in rewritten mails, e.g.

  add_header all Relays-Trusted _RELAYSTRUSTED_
  add_header all Relays-Untrusted _RELAYSUNTRUSTED_

--j.

Eric A. Hall writes:
> I'm revisiting some rulesets that I'm wanting to write, but am struggling
> again with the lack of Received header parsing. The rules I want to have
> available to me are:
> 
>   1) Check for a reverse-DNS match
> 
>   2) Check for HELO (versus EHLO)
> 
>   3) Check for TLS
> 
> In order to do this, I really need an array of Received header meta-data
> (might also benefit from separate arrays of trusted vs untrusted Received
> headers but that's not needed right now).
> 
> Array entries should go from top to bottom with RCVD_HDR[0] (or whatever)
> being the top-most header. Each array entry should have elements for
> hostname, HELO/EHLO, recipient, and the other elements described in
> RFC2821 for Received headers, as well as a full-text representation of the
> header (unwrapped into a single line).
> 
> I'm aware that the syntax and structure of Received headers vary
> dramatically across implementations (and even across installations of a
> specific implementation), and that this can become pretty difficult, but
> this is really needed in order to do protocol-level validity tests from
> within SA.


Re: another request for RECEIVED[x] array

Posted by "Eric A. Hall" <eh...@ehsco.com>.
On 3/1/2005 12:37 PM, Justin Mason wrote:

> actually, there is such a thing in SpamAssassin 3.0.x ;)  e.g.:

> debug: metadata: X-Spam-Relays-Untrusted: [ ip=199.172.62.20
> rdns=europe.std.com helo=europe.std.com by=mail.netnoteinc.com ident=
> envfrom= intl=0 id=392E1114061 auth= ]

This doesn't record the 'with' parameter (as in "with SMTP" or "with
ESMTP"), or any TLS info.

>> I want to have available to me are:
>> 
>> 1) Check for a reverse-DNS match
>> 
>> 2) Check for HELO (versus EHLO)
>> 
>> 3) Check for TLS

I already have a reverse-DNS rule coded up but I'd like to consolidate it
with the other two, but again, I really need a better view into the
transfer protocol from inside SA.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
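
An added example, not code from either poster or from SpamAssassin: a Python parser that turns a Relays-Untrusted header value (as written by the add_header lines in the first message) into a per-relay array, then applies the HELO part of the quoted HELO_DYNAMIC_HCC rule and a HELO/rDNS comparison. The function names and the first sample relay are assumptions made for the illustration.

```python
import re

# Constructed input: the first entry is made up (documentation IP and domain);
# the other two are copied from the -D output quoted in the thread.
SAMPLE = (
    "[ ip=203.0.113.7 rdns= helo=host-12-34.dsl.example.net by=mx.example.org "
    "ident= envfrom= intl=0 id=ABC123 auth= ] "
    "[ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com "
    "by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8416421 auth= ] "
    "[ ip=208.192.102.199 rdns=ppp0c199.std.com helo=!208.192.102.193! "
    "by=world.std.com ident= envfrom= intl=0 id=RAA14226 auth= ]"
)

ENTRY = re.compile(r"\[([^\]]*)\]")   # one "[ ... ]" group per relay
FIELD = re.compile(r"(\w+)=(\S*)")    # key=value; the value may be empty

# The HELO part of the HELO_DYNAMIC_HCC rule quoted in the thread.
DYNAMIC_HELO = re.compile(
    r"\S*\d+[^\d\s]+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\.", re.I)


def parse_relays(value):
    """Return one dict per relay, index 0 being the first entry in the header."""
    return [dict(FIELD.findall(body)) for body in ENTRY.findall(value)]


def helo_matches_rdns(relay):
    """True only when reverse DNS is present and equals the HELO name."""
    rdns = relay.get("rdns", "").lower()
    return bool(rdns) and rdns == relay.get("helo", "").lower()


def first_helo_is_dynamic(relays):
    """Same test as the rule, whose leading anchor confines it to entry 0."""
    return bool(relays) and bool(DYNAMIC_HELO.match(relays[0].get("helo", "")))


if __name__ == "__main__":
    relays = parse_relays(SAMPLE)
    for i, r in enumerate(relays):
        print(i, r["ip"], "helo=" + r["helo"],
              "rdns_match=%s" % helo_matches_rdns(r))
    print("first HELO looks dynamic:", first_helo_is_dynamic(relays))
```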