You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by he...@apache.org on 2019/11/27 12:35:58 UTC
svn commit: r1870501 - in /spamassassin: branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm

Author: hege
Date: Wed Nov 27 12:35:58 2019
New Revision: 1870501

URL: http://svn.apache.org/viewvc?rev=1870501&view=rev
Log:
Fix various Received parsings

Modified:
    spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
    spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm

Modified: spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
URL: http://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm?rev=1870501&r1=1870500&r2=1870501&view=diff
==============================================================================
--- spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm (original)
+++ spamassassin/branches/3.4/lib/Mail/SpamAssassin/Message/Metadata/Received.pm Wed Nov 27 12:35:58 2019
@@ -503,6 +503,21 @@ sub parse_received_line {
       }
     }
 
+    # Microsoft SMTP Server
+    elsif (/ with (?:Microsoft SMTP Server|mapi id) (?:\([^\)]+\) )?\d+\.\d+\.\d+\.\d+(?:$| )/) {
+      # Received: from EXC-DAG-02.global.net (10.45.252.152) by EXC-DAG-02.global.net
+      #  (10.45.252.152) with Microsoft SMTP Server (version=TLS1_2,
+      #  cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1261.35;
+      #  Mon, 29 Oct 2018 11:17:19 +0100
+      # Received: from AM5PR0402MB2836.eurprd04.prod.outlook.com
+      #  ([fe80::19bd:c588:dd17:5226]) by AM5PR0402MB2836.eurprd04.prod.outlook.com
+      #  ([fe80::19bd:c588:dd17:5226%6]) with mapi id 15.20.1943.023;
+      #  Wed, 5 Jun 2019 10:17:08 +0000
+      if (/^(\S+) \(\[?(${IP_ADDRESS})(?:%[A-Z0-9._~-]*)?\]?\) by (\S+) /) {
+        $helo = $1; $ip = $2; $by = $3; $id = ''; goto enough;
+      }
+    }
+
     elsif (/\[XMail /) { # bug 3791, bug 4053
       # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
       # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net (209.32.147.34:25) with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
@@ -833,10 +848,15 @@ sub parse_received_line {
     }
 
     # Received: from acecomms [202.83.84.95] by mailscan.acenet.net.au [202.83.84.27] with SMTP (MDaemon.PRO.v5.0.6.R) for <sp...@lists.sourceforge.net>; Fri, 21 Feb 2003 09:32:27 +1000
-    if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[(\S+)\] with /) {
+    if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[${IP_ADDRESS}\] with /) {
       $mta_looked_up_dns = 1;
-      $helo = $1; $ip = $2;
-      $by = $4; # use the IP addr for "by", more useful?
+      $helo = $1; $ip = $2; $by = $3;
+      goto enough;
+    }
+
+    # Received: smtp510.aspkunden.de [(134.97.4.21)] by mail.aspemail.de (134.97.4.24) (MDaemon PRO v19.0.2)  with ESMTP id md50018233933.msg; Tue, 16 Jul 2019 11:39:22 +0200
+    if (/^(\S+) \[\((${IP_ADDRESS})\)\] by (\S+) \(${IP_ADDRESS}\) /) {
+      $helo = $1; $ip = $2; $by = $3;
       goto enough;
     }
 
@@ -1222,7 +1242,24 @@ sub parse_received_line {
 
     # from DL1GSPMX02 (dl1gspmx02.gamestop.com) by email.ebgames.com (LSMTP for Windows NT v1.1b) with SMTP id <21...@email.ebgames.com>; Tue, 12 Sep 2006 21:06:43 -0500
     if (/\(LSMTP for/) { return 0; }
+
+    # from ([127.0.0.1]) with MailEnable ESMTP; Wed, 10 Jul 2019 10:29:59 +0300
+    if (/^\(\[${LOCALHOST}\]\) with MailEnable /) { return 0; }
+
+    # from facebook.com (RrlQsUbrndsQ6/zbJaSzSPcmy3GwqE5h6IukkE5GGBIJgonAFnoQE3L+9tv2TU3e 2401:db00:1110:50e8:face:0000:002f:0000)
+    #  by facebook.com with Thrift id 423753524b5011e9a83e248a0796a3b2-169bd530; Wed, 20 Mar 2019 13:39:29 -0700
+    if (/^facebook\.com \([^\)]+\) by facebook\.com with Thrift id \S+$/) { return 0; }
+
+    # from 384836569573 named unknown by gmailapi.google.com with HTTPREST; Wed, 6 Mar 2019 03:39:24 -0500
+    if (/^\S+ named \S+ by gmailapi\.google\.com with HTTPREST$/) { return 0; }
+
+    # from mail.payex.com id <B5b8f11e30004>; Wed, 05 Sep 2018 01:14:43 +0200
+    if (/^\S+ id \S+$/) { return 0; }
   
+    # from [<41...@be2.maropost.com>] ([<41...@be2.maropost.com>] helo=maropost.com)  by 643852-mailer2 (envelope-from 4124973-137966-3089@be2.maropost.com)
+    #  (Jetsend MTA 0.0.1 with ESMTP; Fri Sep 14 14:36:56 EDT 2018
+    if (/^\[<.*? \(Jetsend/) { return 0; }
+
     # if at this point we still haven't figured out the HELO string, see if we
     # can't just guess
     if (!$helo && /^(\S+)[^-A-Za-z0-9\.]/) { $helo = $1; }
@@ -1237,9 +1274,13 @@ sub parse_received_line {
     #  BY madman.mr.itd.umich.edu ID 434B508E.174A6.13932 ; 11 Oct 2005 01:41:34 -0400
     # Received: FROM [192.168.1.24] (s233-64-90-216.try.wideopenwest.com [64.233.216.90])
     #  BY hackers.mr.itd.umich.edu ID 434B5051.8CDE5.15436 ; 11 Oct 2005 01:40:33 -0400
-    if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) ID (\S+)$/ ) {
+    # Received: FROM helo (1.2.3.4 [1.2.3.4]) BY xxx.com (Rockliffe SMTPRA 10.3.0)
+    #  WITH SMTP ID <B0...@xxx.com> FOR <fo...@bar.net>; Tue, 6 Nov 2018 07:41:26 +0200
+
+    if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) (?:\([^\)]+\) WITH SMTP )?ID <?(\S+?)>?(?: FOR <[^>]+>)?$/ ) {
       $mta_looked_up_dns = 1;
       $helo = $1; $rdns = $2; $ip = $3; $by = $4; $id = $5;
+      $rdns = '' if $rdns eq 'unverified';
       goto enough;
     }
   }

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm?rev=1870501&r1=1870500&r2=1870501&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Message/Metadata/Received.pm Wed Nov 27 12:35:58 2019
@@ -499,6 +499,21 @@ sub parse_received_line {
       }
     }
 
+    # Microsoft SMTP Server
+    elsif (/ with (?:Microsoft SMTP Server|mapi id) (?:\([^\)]+\) )?\d+\.\d+\.\d+\.\d+(?:$| )/) {
+      # Received: from EXC-DAG-02.global.net (10.45.252.152) by EXC-DAG-02.global.net
+      #  (10.45.252.152) with Microsoft SMTP Server (version=TLS1_2,
+      #  cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1261.35;
+      #  Mon, 29 Oct 2018 11:17:19 +0100
+      # Received: from AM5PR0402MB2836.eurprd04.prod.outlook.com
+      #  ([fe80::19bd:c588:dd17:5226]) by AM5PR0402MB2836.eurprd04.prod.outlook.com
+      #  ([fe80::19bd:c588:dd17:5226%6]) with mapi id 15.20.1943.023;
+      #  Wed, 5 Jun 2019 10:17:08 +0000
+      if (/^(\S+) \(\[?(${IP_ADDRESS})(?:%[A-Z0-9._~-]*)?\]?\) by (\S+) /) {
+        $helo = $1; $ip = $2; $by = $3; $id = ''; goto enough;
+      }
+    }
+
     elsif (/\[XMail /) { # bug 3791, bug 4053
       # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
       # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net (209.32.147.34:25) with [XMail 1.20 ESMTP Server] id <S72E> for <ja...@ellingson.org.spamassassin.org> from <bo...@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
@@ -829,10 +844,15 @@ sub parse_received_line {
     }
 
     # Received: from acecomms [202.83.84.95] by mailscan.acenet.net.au [202.83.84.27] with SMTP (MDaemon.PRO.v5.0.6.R) for <sp...@lists.sourceforge.net>; Fri, 21 Feb 2003 09:32:27 +1000
-    if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[(\S+)\] with /) {
+    if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[${IP_ADDRESS}\] with /) {
       $mta_looked_up_dns = 1;
-      $helo = $1; $ip = $2;
-      $by = $4; # use the IP addr for "by", more useful?
+      $helo = $1; $ip = $2; $by = $3;
+      goto enough;
+    }
+
+    # Received: smtp510.aspkunden.de [(134.97.4.21)] by mail.aspemail.de (134.97.4.24) (MDaemon PRO v19.0.2)  with ESMTP id md50018233933.msg; Tue, 16 Jul 2019 11:39:22 +0200
+    if (/^(\S+) \[\((${IP_ADDRESS})\)\] by (\S+) \(${IP_ADDRESS}\) /) {
+      $helo = $1; $ip = $2; $by = $3;
       goto enough;
     }
 
@@ -1221,7 +1241,24 @@ sub parse_received_line {
 
     # from DL1GSPMX02 (dl1gspmx02.gamestop.com) by email.ebgames.com (LSMTP for Windows NT v1.1b) with SMTP id <21...@email.ebgames.com>; Tue, 12 Sep 2006 21:06:43 -0500
     if (/\(LSMTP for/) { return 0; }
+
+    # from ([127.0.0.1]) with MailEnable ESMTP; Wed, 10 Jul 2019 10:29:59 +0300
+    if (/^\(\[${LOCALHOST}\]\) with MailEnable /) { return 0; }
+
+    # from facebook.com (RrlQsUbrndsQ6/zbJaSzSPcmy3GwqE5h6IukkE5GGBIJgonAFnoQE3L+9tv2TU3e 2401:db00:1110:50e8:face:0000:002f:0000)
+    #  by facebook.com with Thrift id 423753524b5011e9a83e248a0796a3b2-169bd530; Wed, 20 Mar 2019 13:39:29 -0700
+    if (/^facebook\.com \([^\)]+\) by facebook\.com with Thrift id \S+$/) { return 0; }
+
+    # from 384836569573 named unknown by gmailapi.google.com with HTTPREST; Wed, 6 Mar 2019 03:39:24 -0500
+    if (/^\S+ named \S+ by gmailapi\.google\.com with HTTPREST$/) { return 0; }
+
+    # from mail.payex.com id <B5b8f11e30004>; Wed, 05 Sep 2018 01:14:43 +0200
+    if (/^\S+ id \S+$/) { return 0; }
   
+    # from [<41...@be2.maropost.com>] ([<41...@be2.maropost.com>] helo=maropost.com)  by 643852-mailer2 (envelope-from 4124973-137966-3089@be2.maropost.com)
+    #  (Jetsend MTA 0.0.1 with ESMTP; Fri Sep 14 14:36:56 EDT 2018
+    if (/^\[<.*? \(Jetsend/) { return 0; }
+
     # if at this point we still haven't figured out the HELO string, see if we
     # can't just guess
     if (!$helo && /^(\S+)[^-A-Za-z0-9\.]/) { $helo = $1; }
@@ -1236,9 +1273,13 @@ sub parse_received_line {
     #  BY madman.mr.itd.umich.edu ID 434B508E.174A6.13932 ; 11 Oct 2005 01:41:34 -0400
     # Received: FROM [192.168.1.24] (s233-64-90-216.try.wideopenwest.com [64.233.216.90])
     #  BY hackers.mr.itd.umich.edu ID 434B5051.8CDE5.15436 ; 11 Oct 2005 01:40:33 -0400
-    if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) ID (\S+)$/ ) {
+    # Received: FROM helo (1.2.3.4 [1.2.3.4]) BY xxx.com (Rockliffe SMTPRA 10.3.0)
+    #  WITH SMTP ID <B0...@xxx.com> FOR <fo...@bar.net>; Tue, 6 Nov 2018 07:41:26 +0200
+
+    if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) (?:\([^\)]+\) WITH SMTP )?ID <?(\S+?)>?(?: FOR <[^>]+>)?$/ ) {
       $mta_looked_up_dns = 1;
       $helo = $1; $rdns = $2; $ip = $3; $by = $4; $id = $5;
+      $rdns = '' if $rdns eq 'unverified';
       goto enough;
     }
   }