Posted to commits@spamassassin.apache.org by he...@apache.org on 2019/11/27 12:35:58 UTC
svn commit: r1870501 - in /spamassassin:
branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Author: hege
Date: Wed Nov 27 12:35:58 2019
New Revision: 1870501
URL: http://svn.apache.org/viewvc?rev=1870501&view=rev
Log:
Fix various Received parsings
Modified:
spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
Modified: spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm?rev=1870501&r1=1870500&r2=1870501&view=diff
==============================================================================
--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm (original)
+++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm Wed Nov 27 12:35:58 2019
@@ -503,6 +503,21 @@ sub parse_received_line {
}
}
+ # Microsoft SMTP Server
+ elsif (/ with (?:Microsoft SMTP Server|mapi id) (?:\([^\)]+\) )?\d+\.\d+\.\d+\.\d+(?:$| )/) {
+ # Received: from EXC-DAG-02.global.net (10.45.252.152) by EXC-DAG-02.global.net
+ # (10.45.252.152) with Microsoft SMTP Server (version=TLS1_2,
+ # cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1261.35;
+ # Mon, 29 Oct 2018 11:17:19 +0100
+ # Received: from AM5PR0402MB2836.eurprd04.prod.outlook.com
+ # ([fe80::19bd:c588:dd17:5226]) by AM5PR0402MB2836.eurprd04.prod.outlook.com
+ # ([fe80::19bd:c588:dd17:5226%6]) with mapi id 15.20.1943.023;
+ # Wed, 5 Jun 2019 10:17:08 +0000
+ if (/^(\S+) \(\[?(${IP_ADDRESS})(?:%[A-Z0-9._~-]*)?\]?\) by (\S+) /) {
+ $helo = $1; $ip = $2; $by = $3; $id = ''; goto enough;
+ }
+ }
+
elsif (/\[XMail /) { # bug 3791, bug 4053
# Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
# Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net (209.32.147.34:25) with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
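Review bot: The outer `elsif` pattern expects the dotted version number directly after the optional parenthesised group, but the first sample in the comment reads `with Microsoft SMTP Server (version=TLS1_2, cipher=...) id 15.1.1261.35`, with `id ` in between. Unless normalisation outside this hunk removes that token, only the `mapi id` form reaches the new branch, and the TLS form falls through to whatever later patterns happen to match it. Allowing the token would cover both samples: `(?:\([^\)]+\) )?(?:id )?\d+\.\d+\.\d+\.\d+(?:$| )`. The zone-id class `%[A-Z0-9._~-]*` in the inner pattern is upper-case only with no `/i` visible, so a scope such as `%eth0` on the from-side would not match. The same lines appear in the trunk hunk at `@@ -499,6 +499,21 @@`; `parse_received_line` starts and ends outside both hunks.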
@@ -833,10 +848,15 @@ sub parse_received_line {
}
# Received: from acecomms [202.83.84.95] by mailscan.acenet.net.au [202.83.84.27] with SMTP (MDaemon.PRO.v5.0.6.R) for <sp...@lists.sourceforge.net>; Fri, 21 Feb 2003 09:32:27 +1000
- if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[(\S+)\] with /) {
+ if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[${IP_ADDRESS}\] with /) {
$mta_looked_up_dns = 1;
- $helo = $1; $ip = $2;
- $by = $4; # use the IP addr for "by", more useful?
+ $helo = $1; $ip = $2; $by = $3;
+ goto enough;
+ }
+
+ # Received: smtp510.aspkunden.de [(134.97.4.21)] by mail.aspemail.de (134.97.4.24) (MDaemon PRO v19.0.2) with ESMTP id md50018233933.msg; Tue, 16 Jul 2019 11:39:22 +0200
+ if (/^(\S+) \[\((${IP_ADDRESS})\)\] by (\S+) \(${IP_ADDRESS}\) /) {
+ $helo = $1; $ip = $2; $by = $3;
goto enough;
}
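Review bot: The new MDaemon PRO v19 branch (`[(ip)] by host (ip)`) sets `$helo`, `$ip` and `$by` but leaves `$mta_looked_up_dns` untouched, while the older MDaemon branch just above sets it to 1. If that is deliberate, because this format gives no sign that a reverse lookup was attempted, a one-line comment would stop a later reader from "fixing" it, for example `# no rDNS info in this format, leave $mta_looked_up_dns unset`. The older branch now reports the hostname rather than the bracketed IP as `$by`, and the comment that explained the old choice was removed without a replacement. A short note on why the hostname is preferred would help anyone whose rules or trust-path debugging relied on the previous value. The trunk hunk at `@@ -829,10 +844,15 @@` is identical.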
@@ -1222,7 +1242,24 @@ sub parse_received_line {
# from DL1GSPMX02 (dl1gspmx02.gamestop.com) by email.ebgames.com (LSMTP for Windows NT v1.1b) with SMTP id <21...@email.ebgames.com>; Tue, 12 Sep 2006 21:06:43 -0500
if (/\(LSMTP for/) { return 0; }
+
+ # from ([127.0.0.1]) with MailEnable ESMTP; Wed, 10 Jul 2019 10:29:59 +0300
+ if (/^\(\[${LOCALHOST}\]\) with MailEnable /) { return 0; }
+
+ # from facebook.com (RrlQsUbrndsQ6/zbJaSzSPcmy3GwqE5h6IukkE5GGBIJgonAFnoQE3L+9tv2TU3e 2401:db00:1110:50e8:face:0000:002f:0000)
+ # by facebook.com with Thrift id 423753524b5011e9a83e248a0796a3b2-169bd530; Wed, 20 Mar 2019 13:39:29 -0700
+ if (/^facebook\.com \([^\)]+\) by facebook\.com with Thrift id \S+$/) { return 0; }
+
+ # from 384836569573 named unknown by gmailapi.google.com with HTTPREST; Wed, 6 Mar 2019 03:39:24 -0500
+ if (/^\S+ named \S+ by gmailapi\.google\.com with HTTPREST$/) { return 0; }
+
+ # from mail.payex.com id <B5b8f11e30004>; Wed, 05 Sep 2018 01:14:43 +0200
+ if (/^\S+ id \S+$/) { return 0; }
+ # from [<41...@be2.maropost.com>] ([<41...@be2.maropost.com>] helo=maropost.com) by 643852-mailer2 (envelope-from 4124973-137966-3089@be2.maropost.com)
+ # (Jetsend MTA 0.0.1 with ESMTP; Fri Sep 14 14:36:56 EDT 2018
+ if (/^\[<.*? \(Jetsend/) { return 0; }
+
# if at this point we still haven't figured out the HELO string, see if we
# can't just guess
if (!$helo && /^(\S+)[^-A-Za-z0-9\.]/) { $helo = $1; }
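Review bot: The added `if (/^\S+ id \S+$/) { return 0; }` is far broader than its single payex.com sample, since it skips any line that consists of one token, `id` and one token, and nothing in the hunk says why that is safe. These early returns key on text the sending side writes (`facebook\.com`, `gmailapi\.google\.com`, `MailEnable`, `Jetsend`), so each would benefit from a comment stating that the line carries no usable relay IP and is skipped on purpose, for example `# no IP or "by" host to extract, ignore this hop`. The Jetsend pattern `/^\[<.*? \(Jetsend/` is anchored only at the start and will match any bracketed line containing ` (Jetsend` later on. A blank line before the Jetsend sample comment would match the spacing of the other cases. What a `0` return means to the caller is defined outside the hunk. The same block is repeated in the trunk hunk at `@@ -1221,7 +1241,24 @@`.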
@@ -1237,9 +1274,13 @@ sub parse_received_line {
# BY madman.mr.itd.umich.edu ID 434B508E.174A6.13932 ; 11 Oct 2005 01:41:34 -0400
# Received: FROM [192.168.1.24] (s233-64-90-216.try.wideopenwest.com [64.233.216.90])
# BY hackers.mr.itd.umich.edu ID 434B5051.8CDE5.15436 ; 11 Oct 2005 01:40:33 -0400
- if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) ID (\S+)$/ ) {
+ # Received: FROM helo (1.2.3.4 [1.2.3.4]) BY xxx.com (Rockliffe SMTPRA 10.3.0)
+ # WITH SMTP ID <B0...@xxx.com> FOR <fo...@bar.net>; Tue, 6 Nov 2018 07:41:26 +0200
+
+ if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) (?:\([^\)]+\) WITH SMTP )?ID <?(\S+?)>?(?: FOR <[^>]+>)?$/ ) {
$mta_looked_up_dns = 1;
$helo = $1; $rdns = $2; $ip = $3; $by = $4; $id = $5;
+ $rdns = '' if $rdns eq 'unverified';
goto enough;
}
}
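Review bot: The added `$rdns = '' if $rdns eq 'unverified';` clears only the literal placeholder, but the new Rockliffe sample shows the address itself in the rDNS slot (`FROM helo (1.2.3.4 [1.2.3.4])`). If that sample reflects what the server writes when no PTR exists, `$rdns` ends up as an IP string while `$mta_looked_up_dns` is 1. Unless the code after the `enough` label already normalises this, the line could read `$rdns = '' if $rdns eq 'unverified' || $rdns eq $ip;`. The widened pattern also accepts a parenthesised banner only when it is followed by `WITH SMTP`, so an ESMTP variant of the same header would not match; say so in the sample comment if that is intended. The trunk hunk at `@@ -1236,9 +1273,13 @@` carries the same change.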
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm?rev=1870501&r1=1870500&r2=1870501&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm Wed Nov 27 12:35:58 2019
@@ -499,6 +499,21 @@ sub parse_received_line {
}
}
+ # Microsoft SMTP Server
+ elsif (/ with (?:Microsoft SMTP Server|mapi id) (?:\([^\)]+\) )?\d+\.\d+\.\d+\.\d+(?:$| )/) {
+ # Received: from EXC-DAG-02.global.net (10.45.252.152) by EXC-DAG-02.global.net
+ # (10.45.252.152) with Microsoft SMTP Server (version=TLS1_2,
+ # cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1261.35;
+ # Mon, 29 Oct 2018 11:17:19 +0100
+ # Received: from AM5PR0402MB2836.eurprd04.prod.outlook.com
+ # ([fe80::19bd:c588:dd17:5226]) by AM5PR0402MB2836.eurprd04.prod.outlook.com
+ # ([fe80::19bd:c588:dd17:5226%6]) with mapi id 15.20.1943.023;
+ # Wed, 5 Jun 2019 10:17:08 +0000
+ if (/^(\S+) \(\[?(${IP_ADDRESS})(?:%[A-Z0-9._~-]*)?\]?\) by (\S+) /) {
+ $helo = $1; $ip = $2; $by = $3; $id = ''; goto enough;
+ }
+ }
+
elsif (/\[XMail /) { # bug 3791, bug 4053
# Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
# Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net (209.32.147.34:25) with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
@@ -829,10 +844,15 @@ sub parse_received_line {
}
# Received: from acecomms [202.83.84.95] by mailscan.acenet.net.au [202.83.84.27] with SMTP (MDaemon.PRO.v5.0.6.R) for <sp...@lists.sourceforge.net>; Fri, 21 Feb 2003 09:32:27 +1000
- if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[(\S+)\] with /) {
+ if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[${IP_ADDRESS}\] with /) {
$mta_looked_up_dns = 1;
- $helo = $1; $ip = $2;
- $by = $4; # use the IP addr for "by", more useful?
+ $helo = $1; $ip = $2; $by = $3;
+ goto enough;
+ }
+
+ # Received: smtp510.aspkunden.de [(134.97.4.21)] by mail.aspemail.de (134.97.4.24) (MDaemon PRO v19.0.2) with ESMTP id md50018233933.msg; Tue, 16 Jul 2019 11:39:22 +0200
+ if (/^(\S+) \[\((${IP_ADDRESS})\)\] by (\S+) \(${IP_ADDRESS}\) /) {
+ $helo = $1; $ip = $2; $by = $3;
goto enough;
}
@@ -1221,7 +1241,24 @@ sub parse_received_line {
# from DL1GSPMX02 (dl1gspmx02.gamestop.com) by email.ebgames.com (LSMTP for Windows NT v1.1b) with SMTP id <21...@email.ebgames.com>; Tue, 12 Sep 2006 21:06:43 -0500
if (/\(LSMTP for/) { return 0; }
+
+ # from ([127.0.0.1]) with MailEnable ESMTP; Wed, 10 Jul 2019 10:29:59 +0300
+ if (/^\(\[${LOCALHOST}\]\) with MailEnable /) { return 0; }
+
+ # from facebook.com (RrlQsUbrndsQ6/zbJaSzSPcmy3GwqE5h6IukkE5GGBIJgonAFnoQE3L+9tv2TU3e 2401:db00:1110:50e8:face:0000:002f:0000)
+ # by facebook.com with Thrift id 423753524b5011e9a83e248a0796a3b2-169bd530; Wed, 20 Mar 2019 13:39:29 -0700
+ if (/^facebook\.com \([^\)]+\) by facebook\.com with Thrift id \S+$/) { return 0; }
+
+ # from 384836569573 named unknown by gmailapi.google.com with HTTPREST; Wed, 6 Mar 2019 03:39:24 -0500
+ if (/^\S+ named \S+ by gmailapi\.google\.com with HTTPREST$/) { return 0; }
+
+ # from mail.payex.com id <B5b8f11e30004>; Wed, 05 Sep 2018 01:14:43 +0200
+ if (/^\S+ id \S+$/) { return 0; }
+ # from [<41...@be2.maropost.com>] ([<41...@be2.maropost.com>] helo=maropost.com) by 643852-mailer2 (envelope-from 4124973-137966-3089@be2.maropost.com)
+ # (Jetsend MTA 0.0.1 with ESMTP; Fri Sep 14 14:36:56 EDT 2018
+ if (/^\[<.*? \(Jetsend/) { return 0; }
+
# if at this point we still haven't figured out the HELO string, see if we
# can't just guess
if (!$helo && /^(\S+)[^-A-Za-z0-9\.]/) { $helo = $1; }
@@ -1236,9 +1273,13 @@ sub parse_received_line {
# BY madman.mr.itd.umich.edu ID 434B508E.174A6.13932 ; 11 Oct 2005 01:41:34 -0400
# Received: FROM [192.168.1.24] (s233-64-90-216.try.wideopenwest.com [64.233.216.90])
# BY hackers.mr.itd.umich.edu ID 434B5051.8CDE5.15436 ; 11 Oct 2005 01:40:33 -0400
- if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) ID (\S+)$/ ) {
+ # Received: FROM helo (1.2.3.4 [1.2.3.4]) BY xxx.com (Rockliffe SMTPRA 10.3.0)
+ # WITH SMTP ID <B0...@xxx.com> FOR <fo...@bar.net>; Tue, 6 Nov 2018 07:41:26 +0200
+
+ if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) (?:\([^\)]+\) WITH SMTP )?ID <?(\S+?)>?(?: FOR <[^>]+>)?$/ ) {
$mta_looked_up_dns = 1;
$helo = $1; $rdns = $2; $ip = $3; $by = $4; $id = $5;
+ $rdns = '' if $rdns eq 'unverified';
goto enough;
}
}