[Mimedefang] Previous relay information

Jan-Pieter Cornet johnpc at xs4all.nl
Fri Dec 15 17:03:09 EST 2006 

On Fri, Dec 15, 2006 at 01:44:01PM -0500, Whit Blauvelt wrote:
> > Has anyone implemented some form of parsing of the received headers to
> > determine who the previous relay was? When is the earliest time that these
> > headers are available? filter_begin? Are these easily accessible through
> > mimedefang's variables or will we need to build some kind of script that
> > will parse the actual mail files?
> 
> Here's a way to get ahold of the Received headers. I haven't figured out the
> earliest place it can go in the script. It certainly works if put just above
> the call to SpamAssassin. 
> 
>     $HDRS = $CWD . "/HEADERS";
[...]

You can put this as early as the filter_begin() function, since that's
the first time the message is parsed.

But it's a lot easier than this, since the message has already been
parsed, and put into a MIME::Entity object. You just have to save
the object that is passed to filter_begin, and extract the header
object, and then any header you like from that.

sub filter_begin {
    my($entity) = @_;

    # ... other code goes here, optionally

    my $header_object = $entity->head;
    my $first_received = $header_object->get('Received', 0);

    ### $first_received is actually the first "Received:" header
    ### that is received from the remote host, so it contains
    ### the "previous relay".
    if ( $RelayHostname eq 'my.backupmx.server.domain.tld' ) {
	### extract "previous relay"
	if ( $first_received =~ m{
	    from\s+(\S+)	# match HELO name
	    \s+\(		# literal '('
	    (?:			# start optional hostname...
		([A-Za-z0-9.-]+\.[a-z]+)	# match hostname
		\s+
	    )?
	    \[			# literal '['
	    (\d+(?:\.\d+){3})	# match an IP address
	    \]			# literal ']'
	    (?:\s+\([^)]*\))?	# optional "(may be forged)"
	    \s*\)		# literal ')'
	}x ) {
	    $previousHelo = $1;
	    $previousRelayHostname = $2;
	    $previousRelayAddr = $3;
	}
    }

    ### get last received header
    my $last_received = $header_object->get('Received', -1);
    
    ...

Note: the above code is untested. The regular expression matches
a sendmail-style Received line:
    Received: from HELO (reverse.dns [i.p.ad.dr] (may be forged))

Have fun,

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!

More information about the MIMEDefang mailing list