[Mimedefang] Real sender address ??

Troy Carpenter troy at carpenter.cx
Wed Dec 3 16:32:50 EST 2003


>Date: Wed, 3 Dec 2003 21:14:40 +0100
>From: "J.P van Oyen" <jeepee at gids.nl>
>Subject: [Mimedefang] Real sender address ??
>To: mimedefang at lists.roaringpenguin.com
>Message-ID: <20031203200138.M17122 at gids.nl>
>Content-Type: text/plain;	charset=iso-8859-1
>
>
>Is it possible to have the 'real' sender IP address as a variable to be
>processed in Mimedefang?
>
>Ex...
>
>Received: from pop2.telyte.nl (pop2.telyte.nl [113.212.125.231])
>        by smtp3.telyte.nl (8.12.10/8.12.10) with ESMTP id hB3ECWYY027729
>        for <name at tld.nl>; Wed, 3 Dec 2003 14:12:32 +0100
>Received: from smtp2.telebyte.nl (smtp1.telyte.nl [113.212.125.21])
>        by pop2.telyte.nl (8.12.10/8.12.10) with ESMTP id hB3ECNl7021059;
>        Wed, 3 Dec 2003 14:12:25 +0100
>Received: from cp73380-a.venlo1.lb.home.nl (cp73380-a.venlo1.lb.home.nl [217.123.170.18])
>        by smtp2.telyte.nl (8.12.10/8.12.10) with SMTP id hB3ECK5H028915;
>        Wed, 3 Dec 2003 14:12:21 +0100
>Received: from [180.96.42.130] by cp73380-a.venlo1.lb.home.nl with ESMTP id B8FAEC3D9DE;
>        Tue, 02 Dec 2003 20:14:53 -0500
>
>It should then contain 180.96.42.130 (first Received: from)
>
>This would be nice to determine country of origin/first post, as long as
>it's not faked etc. Now I have to do it with $RelayAddr, which can also be
>a secondary mail server, so giving more false results.
>
>Hints tips are welcome..
>
>Chrs ...


I do the following in filter_relay:
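    # Match the relay's hostname exactly (or a subdomain of it): dots are
    # escaped and the pattern is anchored so look-alike names do not match.
    if ( ($name =~ /(?:^|\.)myISPmailserver\.com$/i ) or
         ($name =~ /(?:^|\.)mybackupMX\.org$/i)) {
        my_log ('backupMX',$name,,,,);
        $fetchmail=1;    # flag for filter_begin: this message arrived via a relay
    }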
The point here is to do a compare on the hostname and see if the mail is
forwarded from my ISP account, or if it came from my backup MX.

The $fetchmail variable (named because I came up with this method when I
was using fetchmail...found it was easily adapted to any relay since
fetchmail is essentially a relay host) indicates to later code that this
was a relay.

I don't do anything special in filter_recipient, which is where all my
DNSRBL checking is done. My relays are not listed in the RBLs, so they
get by all the checks.

However, the first thing I do in filter_begin is check the $fetchmail
variable.  If set, then I do the following:
    if ($fetchmail) {
        $faction = remove_relay();
        if ($faction eq "REJECT") { return action_discard() }
        if ($faction eq "ACCEPT_AND_NO_MORE_FILTERING") { $skipchecks=1 }
    }
The remove_relay() function is one that I wrote to parse the HEADERS
file and get the IP and hostname of the machine just before my ISP or
backup MX relay (that job is left as an exercise for the reader).  I
then send that information back through filter_relay and
filter_recipient, which will return one of the two results above.

The code that rechecks with the new IP/hostname from remove_relay looks
like this:

        # Ok, send the email back through filter_relay and filter_recipient
        # for another go
        md_syslog("$SyslogFacility|info",
                  "process relay: message from $newhost at $newip claiming $newhelo");
        ($faction, $fstat)=filter_relay ($newip, $newhost, $newhelo);
        if ($faction ne "CONTINUE") { return $faction }
        ($faction, $fstat)=filter_recipient ($Recipients[0], $Sender,
                                             $newip, $newhost, "", $newhelo);
        return $faction;

Really, the most difficult part I had was parsing the different formats
of the received headers...it seems each MTA has a different way to
format the header.  I probably didn't code that part as well as I should
have.

Hope that helps.

Troy Carpenter
troy at carpenter.cx
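
One way to write the Received: parsing step that the post leaves to the reader, as an added example and not Troy's own remove_relay(): it walks the headers newest-first and returns the first connecting IP that is not one of your own relays, so it only ever reads headers written by hosts you trust. The %TRUSTED list and the sample headers (constructed from those quoted in the post) are assumptions, and only the sendmail-style `from HELO (rdns [IPv4])` form is parsed.

```perl
use strict;
use warnings;

# Assumption: IPs of the relays you control or trust (ISP server, backup MX).
# The values are taken from the sample headers quoted in the post.
my %TRUSTED = map { $_ => 1 } qw(113.212.125.231 113.212.125.21);

# Walk Received: headers newest-first. Every header examined was written by a
# trusted host, so the first untrusted connecting IP is the real relay.
# Headers below that hop were supplied by the sender and are never read.
sub remove_relay {
    my ($raw) = @_;
    $raw =~ s/\r?\n[ \t]+/ /g;                  # unfold continuation lines
    for my $line (split /\r?\n/, $raw) {
        my ($rest) = $line =~ /^Received:\s*(.*)/i or next;
        # sendmail style: from HELO (rdns [a.b.c.d]) by ...
        my ($helo, $host, $ip) =
            $rest =~ /^from\s+(\S+)\s+\((?:(\S+)\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]/
            or return;                          # unknown format: do not guess
        next if $TRUSTED{$ip};                  # one of our relays, keep walking
        return ($ip, $host // "[$ip]", $helo);  # same order filter_relay takes
    }
    return;                                     # only trusted hops were seen
}

# Constructed sample, based on the headers quoted in the post.
my $headers = <<'EOT';
Received: from pop2.telyte.nl (pop2.telyte.nl [113.212.125.231])
        by smtp3.telyte.nl (8.12.10/8.12.10) with ESMTP id hB3ECWYY027729
Received: from smtp2.telebyte.nl (smtp1.telyte.nl [113.212.125.21])
        by pop2.telyte.nl (8.12.10/8.12.10) with ESMTP id hB3ECNl7021059
Received: from cp73380-a.venlo1.lb.home.nl (cp73380-a.venlo1.lb.home.nl [217.123.170.18])
        by smtp2.telyte.nl (8.12.10/8.12.10) with SMTP id hB3ECK5H028915
Received: from [180.96.42.130] by cp73380-a.venlo1.lb.home.nl
        with ESMTP id B8FAEC3D9DE
Subject: constructed test message
EOT

my ($newip, $newhost, $newhelo) = remove_relay($headers);
print defined($newip)
    ? "relay: $newhost [$newip] helo=$newhelo\n"
    : "no untrusted relay found\n";
```

On the sample this reports 217.123.170.18, the address recorded by the last trusted relay. The 180.96.42.130 line was written by a host outside the trusted set, so it is not used for any accept or reject decision.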


