Posted to users@spamassassin.apache.org by Leon Kolchinsky <lk...@univ.haifa.ac.il> on 2006/11/15 12:08:52 UTC

How to extract the Reverse DNS hostname by script means?

Hello,

Is there any automatic way (using a script) to extract the Reverse DNS hostname for the host that delivered the message to my network?

Because there may be a mail server serving multiple domains, i.e. somedomain.com is served by mailserver.someotherdomain.com and the line in local.cf would look like this:

whitelist_from_rcvd diklonet19@somedomain.com mailserver.someotherdomain.com


In case there are multiple "Received" headers, how could I extract the rDNS automatically?


Here is an example of such headers taken from the net:


Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com 
with Microsoft SMTPSVC(6.0.3790.211); 
         Tue, 31 Oct 2006 23:27:03 -0500 
Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15]) 
        by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id kA14M3vT018502 
        for <ch...@...>; Tue, 31 Oct 2006 23:22:03 -0500 
Received: from localhost (localhost [127.0.0.1]) 
        by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4 
        for <ch...@...>; Tue, 31 Oct 2006 20:18:36 -0800 (PST) 
Received: from harbor.x-cart.com ([127.0.0.1]) 
        by localhost (harbor.x-cart.com [127.0.0.1]) (amavisd-new, port 
10024) 
        with ESMTP id FJP1WignZXnm for <ch...@...>; 
        Tue, 31 Oct 2006 20:18:34 -0800 (PST) 
Received: from gw-red.crtdev.local (mail.crtdev.local [192.168.10.1]) 
        by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2 
        for <ch...@...>; Tue, 31 Oct 2006 20:18:33 -0800 (PST) 
Received: from localhost (localhost [127.0.0.1]) 
        by gw-red.crtdev.local (Postfix) with ESMTP id 0C9B8112EC3C; 
        Wed,  1 Nov 2006 07:18:33 +0300 (MSK) 
Received: from gw-red.crtdev.local ([127.0.0.1]) 
        by localhost (mail.crtdev.local [127.0.0.1]) (amavisd-new, port 
10024) 
        with ESMTP id Iqw-2Ddq46oC; Wed,  1 Nov 2006 07:18:32 +0300 
(MSK) 
Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local 
[192.168.99.13]) 
        by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B 
        for <ch...@...>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK) 
Received: from sauron.crtdev.local (sauron.crtdev.local [192.168.12.10]) 
        by gw-green.crtdev.local (Postfix) with ESMTP id C1738244C21 
        for <ch...@...>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK) 
Received: from sauron.crtdev.local (localhost [127.0.0.1]) 
        by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id 
kA14IFAa080272 
        for <ch...@...>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK) 
        (envelope-from www@...) 
Received: (from www@localhost) 
        by sauron.crtdev.local (8.13.8/8.13.8/Submit) id kA14IEv1080271; 
        Wed, 1 Nov 2006 07:18:14 +0300 (MSK) 
        (envelope-from www) 
Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK) 
Message-Id: <20...@...> 
To: chris@... 
Subject: Valentine Kaverin has posted a new message for you. 
From: Qualiteam HelpDesk system <no...@...> 
Content-Type: text/plain;charset=iso-8859-1; 
X-Signature-Check-Ignore: Yes 
X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on 
gandalf.ctdx.net 
X-Virus-Scanned: amavisd-new at x-cart.com 
X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006 
X-Virus-Status: Clean 
X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,BIZ_TLD, 
        SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3 
X-Spam-Level: ** 
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
gandalf.ctdx.net 
Return-Path: www@... 
X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC) 
FILETIME=[FB3D50C0:01C6FD6D]




Best Regards,
Leon Kolchinsky


RE: How to extract the Reverse DNS hostname by script means?

Posted by Bret Miller <br...@wcg.org>.
> Is there any automatic way (using a script) to extract the 
> Reverse DNS hostname for the host that delivered the message to 
> my network?

The top Received header should contain the server you received the
message from. That's the one that needs to go in the whitelist_from_rcvd
line.

Bret


> 
> Because there may be a mail server serving multiple domains, 
> i.e. somedomain.com is served by 
> mailserver.someotherdomain.com and the line in local.cf would 
> look like this:
> 
> whitelist_from_rcvd diklonet19@somedomain.com 
> mailserver.someotherdomain.com
> 
> 
> In case there are multiple "Received" headers, how could I 
> extract the rDNS automatically?
> 
> 
> Here is an example of such headers taken from the net:
> 
> 
> Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com 
> with Microsoft SMTPSVC(6.0.3790.211); 
>          Tue, 31 Oct 2006 23:27:03 -0500 
> Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15]) 
>         by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id 
> kA14M3vT018502 
>         for <ch...@...>; Tue, 31 Oct 2006 23:22:03 -0500 
> Received: from localhost (localhost [127.0.0.1]) 
>         by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4 
>         for <ch...@...>; Tue, 31 Oct 2006 20:18:36 -0800 (PST) 
> Received: from harbor.x-cart.com ([127.0.0.1]) 
>         by localhost (harbor.x-cart.com [127.0.0.1]) 
> (amavisd-new, port 
> 10024) 
>         with ESMTP id FJP1WignZXnm for <ch...@...>; 
>         Tue, 31 Oct 2006 20:18:34 -0800 (PST) 
> Received: from gw-red.crtdev.local (mail.crtdev.local [192.168.10.1]) 
>         by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2 
>         for <ch...@...>; Tue, 31 Oct 2006 20:18:33 -0800 (PST) 
> Received: from localhost (localhost [127.0.0.1]) 
>         by gw-red.crtdev.local (Postfix) with ESMTP id 0C9B8112EC3C; 
>         Wed,  1 Nov 2006 07:18:33 +0300 (MSK) 
> Received: from gw-red.crtdev.local ([127.0.0.1]) 
>         by localhost (mail.crtdev.local [127.0.0.1]) 
> (amavisd-new, port 
> 10024) 
>         with ESMTP id Iqw-2Ddq46oC; Wed,  1 Nov 2006 07:18:32 +0300 
> (MSK) 
> Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local 
> [192.168.99.13]) 
>         by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B 
>         for <ch...@...>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK) 
> Received: from sauron.crtdev.local (sauron.crtdev.local 
> [192.168.12.10]) 
>         by gw-green.crtdev.local (Postfix) with ESMTP id C1738244C21 
>         for <ch...@...>; Wed,  1 Nov 2006 07:18:32 +0300 (MSK) 
> Received: from sauron.crtdev.local (localhost [127.0.0.1]) 
>         by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id 
> kA14IFAa080272 
>         for <ch...@...>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK) 
>         (envelope-from www@...) 
> Received: (from www@localhost) 
>         by sauron.crtdev.local (8.13.8/8.13.8/Submit) id 
> kA14IEv1080271; 
>         Wed, 1 Nov 2006 07:18:14 +0300 (MSK) 
>         (envelope-from www) 
> Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK) 
> Message-Id: <20...@...> 
> To: chris@... 
> Subject: Valentine Kaverin has posted a new message for you. 
> From: Qualiteam HelpDesk system <no...@...> 
> Content-Type: text/plain;charset=iso-8859-1; 
> X-Signature-Check-Ignore: Yes 
> X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on 
> gandalf.ctdx.net 
> X-Virus-Scanned: amavisd-new at x-cart.com 
> X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006 
> X-Virus-Status: Clean 
> X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,BIZ_TLD, 
>         SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3 
> X-Spam-Level: ** 
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
> gandalf.ctdx.net 
> Return-Path: www@... 
> X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC) 
> FILETIME=[FB3D50C0:01C6FD6D]
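
Added example, not code from either poster or from SpamAssassin: a Python parser for the approach in the reply above, reading Received headers from the top and returning the rDNS name recorded for the delivering host. The function names, the `trusted_nets` parameter and the placeholder addresses are assumptions of this example; it assumes the topmost header was written by your own MTA, goes one header deeper only when the sending IP is in a network you list as yours, and returns no whitelist line when the header recorded no rDNS (as the SMTPSVC hop in the sample does) rather than falling back to the sender-supplied HELO name.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: top two Received headers from the post (placeholder recipient).
SAMPLE = (
    "Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com\n"
    " with Microsoft SMTPSVC(6.0.3790.211); Tue, 31 Oct 2006 23:27:03 -0500\n"
    "Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])\n"
    "\tby gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id kA14M3vT018502\n"
    "\tfor <user@example.com>; Tue, 31 Oct 2006 23:22:03 -0500\n"
    "Subject: constructed sample\n\nbody\n"
)

# "from HELO (rDNS [IP]) ... by HOST". The rDNS token is optional: some MTAs
# (the SMTPSVC hop above) record only the HELO name and the IP.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?:IPv6:)?(?P<ip>[^\]\s]+)\]\).*?\bby\s+(?P<by>\S+)", re.S | re.I)

def parse_received(value):
    """Parse one Received value; None if it lacks 'from X ([ip]) ... by Y'."""
    m = HOP_RE.match(value.strip())
    if not m:
        return None
    hop = m.groupdict()
    try:
        hop["addr"] = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return None
    if (hop["rdns"] or "").lower() == "unknown":  # Postfix: no rDNS found
        hop["rdns"] = None
    return hop

def delivering_relay(raw_message, trusted_nets=()):
    """Return the first hop, from the top, whose sending IP is not ours."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop is None:
            return None  # trust path broken; headers below may be forged
        if not any(hop["addr"] in n for n in nets):
            return hop
    return None

def whitelist_line(sender, hop):
    """local.cf line, or None when no rDNS was recorded (never use HELO)."""
    return f"whitelist_from_rcvd {sender} {hop['rdns']}" if hop and hop["rdns"] else None
```
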