Posted to users@spamassassin.apache.org by Leon Kolchinsky <lk...@univ.haifa.ac.il> on 2006/11/15 12:08:52 UTC
How to extract the Reverse DNS hostname by script means?
Hello,
Is there any automatic way (using a script) to extract the Reverse DNS hostname for the host that delivered the message to my network?
Because there may be a mail server serving multiple domains, i.e. somedomain.com is served by mailserver.someotherdomain.com and the line in local.cf would look like this:
whitelist_from_rcvd diklonet19@somedomain.com mailserver.someotherdomain.com
In case there are multiple "Received" headers, how could I extract rDNS automatically?
Here is an example of such headers taken from the net:
Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
with Microsoft SMTPSVC(6.0.3790.211);
Tue, 31 Oct 2006 23:27:03 -0500
Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])
by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id kA14M3vT018502
for <ch...@...>; Tue, 31 Oct 2006 23:22:03 -0500
Received: from localhost (localhost [127.0.0.1])
by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4
for <ch...@...>; Tue, 31 Oct 2006 20:18:36 -0800 (PST)
Received: from harbor.x-cart.com ([127.0.0.1])
by localhost (harbor.x-cart.com [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id FJP1WignZXnm for <ch...@...>;
Tue, 31 Oct 2006 20:18:34 -0800 (PST)
Received: from gw-red.crtdev.local (mail.crtdev.local [192.168.10.1])
by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2
for <ch...@...>; Tue, 31 Oct 2006 20:18:33 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
by gw-red.crtdev.local (Postfix) with ESMTP id 0C9B8112EC3C;
Wed, 1 Nov 2006 07:18:33 +0300 (MSK)
Received: from gw-red.crtdev.local ([127.0.0.1])
by localhost (mail.crtdev.local [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id Iqw-2Ddq46oC; Wed, 1 Nov 2006 07:18:32 +0300
(MSK)
Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local
[192.168.99.13])
by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B
for <ch...@...>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
Received: from sauron.crtdev.local (sauron.crtdev.local [192.168.12.10])
by gw-green.crtdev.local (Postfix) with ESMTP id C1738244C21
for <ch...@...>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
Received: from sauron.crtdev.local (localhost [127.0.0.1])
by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id
kA14IFAa080272
for <ch...@...>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK)
(envelope-from www@...)
Received: (from www@localhost)
by sauron.crtdev.local (8.13.8/8.13.8/Submit) id kA14IEv1080271;
Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
(envelope-from www)
Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
Message-Id: <20...@...>
To: chris@...
Subject: Valentine Kaverin has posted a new message for you.
From: Qualiteam HelpDesk system <no...@...>
Content-Type: text/plain;charset=iso-8859-1;
X-Signature-Check-Ignore: Yes
X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on
gandalf.ctdx.net
X-Virus-Scanned: amavisd-new at x-cart.com
X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006
X-Virus-Status: Clean
X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,BIZ_TLD,
SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
gandalf.ctdx.net
Return-Path: www@...
X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC)
FILETIME=[FB3D50C0:01C6FD6D]
Best Regards,
Leon Kolchinsky
RE: How to extract the Reverse DNS hostname by script means?
Posted by Bret Miller <br...@wcg.org>.
> Is there any automatic way (using a script), to extract the
> Reverse DNS hostname for the host that delivered the message to
> my network?
The top Received header should contain the server you received the
message from. That's the one that needs to go in the whitelist_from_rcvd
line.
Bret
>
> Because there may be a mail server serving multiple domains,
> i.e. somedomain.com is served by
> mailserver.someotherdomain.com and the line in local.cf would
> look like this:
>
> whitelist_from_rcvd diklonet19@somedomain.com
> mailserver.someotherdomain.com
>
>
> In case there are multiple "Received" headers, how could I
> extract rDNS automatically?
>
>
> Here is an example of such headers taken from the net:
>
>
> Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com
> with Microsoft SMTPSVC(6.0.3790.211);
> Tue, 31 Oct 2006 23:27:03 -0500
> Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])
> by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id
> kA14M3vT018502
> for <ch...@...>; Tue, 31 Oct 2006 23:22:03 -0500
> Received: from localhost (localhost [127.0.0.1])
> by harbor.x-cart.com (Postfix) with ESMTP id 32CA4FC2B4
> for <ch...@...>; Tue, 31 Oct 2006 20:18:36 -0800 (PST)
> Received: from harbor.x-cart.com ([127.0.0.1])
> by localhost (harbor.x-cart.com [127.0.0.1])
> (amavisd-new, port
> 10024)
> with ESMTP id FJP1WignZXnm for <ch...@...>;
> Tue, 31 Oct 2006 20:18:34 -0800 (PST)
> Received: from gw-red.crtdev.local (mail.crtdev.local [192.168.10.1])
> by harbor.x-cart.com (Postfix) with ESMTP id 1EE32FC2B2
> for <ch...@...>; Tue, 31 Oct 2006 20:18:33 -0800 (PST)
> Received: from localhost (localhost [127.0.0.1])
> by gw-red.crtdev.local (Postfix) with ESMTP id 0C9B8112EC3C;
> Wed, 1 Nov 2006 07:18:33 +0300 (MSK)
> Received: from gw-red.crtdev.local ([127.0.0.1])
> by localhost (mail.crtdev.local [127.0.0.1])
> (amavisd-new, port
> 10024)
> with ESMTP id Iqw-2Ddq46oC; Wed, 1 Nov 2006 07:18:32 +0300
> (MSK)
> Received: from gw-green.crtdev.local (green-red-fiber.crtdev.local
> [192.168.99.13])
> by gw-red.crtdev.local (Postfix) with ESMTP id DC976112EC2B
> for <ch...@...>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
> Received: from sauron.crtdev.local (sauron.crtdev.local
> [192.168.12.10])
> by gw-green.crtdev.local (Postfix) with ESMTP id C1738244C21
> for <ch...@...>; Wed, 1 Nov 2006 07:18:32 +0300 (MSK)
> Received: from sauron.crtdev.local (localhost [127.0.0.1])
> by sauron.crtdev.local (8.13.8/8.13.8) with ESMTP id
> kA14IFAa080272
> for <ch...@...>; Wed, 1 Nov 2006 07:18:15 +0300 (MSK)
> (envelope-from www@...)
> Received: (from www@localhost)
> by sauron.crtdev.local (8.13.8/8.13.8/Submit) id
> kA14IEv1080271;
> Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
> (envelope-from www)
> Date: Wed, 1 Nov 2006 07:18:14 +0300 (MSK)
> Message-Id: <20...@...>
> To: chris@...
> Subject: Valentine Kaverin has posted a new message for you.
> From: Qualiteam HelpDesk system <no...@...>
> Content-Type: text/plain;charset=iso-8859-1;
> X-Signature-Check-Ignore: Yes
> X-Virus-Scanned: ClamAV 0.88.5/2136/Tue Oct 31 22:06:48 2006 on
> gandalf.ctdx.net
> X-Virus-Scanned: amavisd-new at x-cart.com
> X-Virus-System: ClamAV 0.88.5/2136/Tue Oct 31 19:06:48 2006
> X-Virus-Status: Clean
> X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,BIZ_TLD,
> SPF_SOFTFAIL,URI_NO_WWW_BIZ_CGI autolearn=no version=3.1.3
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
> gandalf.ctdx.net
> Return-Path: www@...
> X-OriginalArrivalTime: 01 Nov 2006 04:27:03.0500 (UTC)
> FILETIME=[FB3D50C0:01C6FD6D]
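
Added example, not part of the thread and not SpamAssassin code: a script that reads only the topmost Received header, as the reply suggests, and takes the relay's rDNS name from the parenthesised part rather than from the HELO name, since the sample's top header (Microsoft SMTPSVC) records only an IP address and needs a PTR lookup. The function names and the `my_mta` argument (the hostname your own server writes in the `by` clause) are assumptions made for this example.

```python
import re
import socket
from email import message_from_string

# Sendmail/Postfix write "from HELO (rdns [ip]) by MTA"; some MTAs write only
# "from HELO ([ip]) by MTA". HELO is chosen by the sender; rdns/ip are not.
RECEIVED_RE = re.compile(
    r"\s*from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>[^\s;]+)",
    re.S,
)

def ptr_lookup(ip):
    """Live PTR lookup, used only when the header carries no rDNS name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def delivering_relay(raw_message, my_mta, resolver=ptr_lookup):
    """Return (rdns, ip) of the host that handed the message to my_mta.

    Only the topmost Received header is read, and only if my_mta wrote it;
    everything below it was supplied by the sending side.
    """
    received = message_from_string(raw_message).get_all("Received", [])
    m = RECEIVED_RE.match(received[0]) if received else None
    if m is None or m.group("by").lower() != my_mta.lower():
        return None
    rdns, ip = m.group("rdns"), m.group("ip")
    if rdns is None or rdns.lower() == "unknown":  # Postfix logs "unknown"
        rdns = resolver(ip)
    return rdns, ip

def whitelist_line(sender, rdns):
    """Format the local.cf entry in the form shown in the question."""
    return f"whitelist_from_rcvd {sender} {rdns}"

# Constructed sample: the two newest Received headers from the question,
# with the elided "for <...>" clause left out.
SAMPLE = (
    "Received: from gandalf.ctdx.net ([199.0.161.154]) by buythetruck.com\n"
    " with Microsoft SMTPSVC(6.0.3790.211);\n"
    " Tue, 31 Oct 2006 23:27:03 -0500\n"
    "Received: from harbor.x-cart.com (harbor.x-cart.com [69.20.14.15])\n"
    " by gandalf.ctdx.net (8.13.7/8.13.6) with ESMTP id kA14M3vT018502;\n"
    " Tue, 31 Oct 2006 23:22:03 -0500\n"
    "Subject: Valentine Kaverin has posted a new message for you.\n\nbody\n"
)

if __name__ == "__main__":  # offline stub resolver: shows the missing rDNS
    print(delivering_relay(SAMPLE, "buythetruck.com", resolver=lambda ip: None))
```
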