# --
# Kernel/System/GenericAgent/AOL_Dissector.pm - generic agent dissector for AOL scomp@aol.com msgs
# Copyright (C) 2004 Peter Gervai <grin@tolna.net.whoneedsthis>
# --
# $Id: AOL_Dissector.pl 508 2004-11-24 11:17:58Z grin $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
# --
#
package Kernel::System::GenericAgent::AOL_Dissector;

use strict;
use Kernel::System::User;
use Kernel::System::Email;
use Kernel::System::Queue;
use Kernel::System::Notification;
use Socket;

use vars qw(@ISA $VERSION);
$VERSION = '$Revision: 519 $';
$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;

=head1 NAME

Kernel::System::GenericAgent::AOL_Dissector;

=head1 SYNOPSYS

This GenericAgent module handles scomp@aol.net automatic
spam reports and try to parse the email body for abuser IP.

Scans selected tickets' body for the last X-AOL-IP. Resolves
IP, tries to match it to a user name (now using a very basic
Host2Email specific to the author's system), and sets
customer name, id, and free fields based on these.

Simply put module name in a GenericAgent job "Module" and
you're okay.

=head1 PUBLIC INTERFACE

=over 4

=cut

=item new()

create an object

These methods usually get called by GenericAgent and not manually.

IPFilter regexp selects our own address space.

HostFilter returns localpart ($1) and domainpart ($2) of customer email.
You can use these parameters in GenericAgent Module call.

  my $Dissector = Kernel::System::GenericAgent::AOL_Dissector->new(
      DBObject => $DBObject,
      ConfigObject => $ConfigObject,
      LogObject => $LogObject,
      TicketObject => $TicketObject,
      IPFilter => "24\.129\.(22[0-7]|242)\.",
      HostFilter => "([^.]+)\..*(tolna\.net)",
  );

=cut

sub new {
    my $Type = shift;
    my %Param = @_;

    # allocate new hash for object
    my $Self = {};
    bless ($Self, $Type);

    # check needed objects
    foreach (qw(DBObject ConfigObject LogObject TicketObject)) {
        $Self->{$_} = $Param{$_} || die "Got no $_!";
    }

    $Self->{UserObject} = Kernel::System::User->new(%Param);
    $Self->{EmailObject} = Kernel::System::Email->new(%Param);
    $Self->{QueueObject} = Kernel::System::Queue->new(%Param);
    
    if( defined( $Param{IPFilter} ) ) {
        $Self->{IPFilter} = $Param{IPFilter};
    } else {
        $Self->{IPFilter} = "193\.(227\.19[6-9]|218\.98|151\.11[6-9])\.";
    }
    
    if( defined( $Param{HostFilter} ) ) {
        $Self->{HostFilter} = $Param{HostFilter};
    } else {
        $Self->{HostFilter} = "([^.]+)\..*(tolna\.net)";
    }
    
    $Self->{Debug} = $Param{Debug};
    
    return $Self;
}

=item Run()

Runs the dissector on a selected ticket.
Sets CustNo and CustUser based on reported IP.
Sets FreeField1 to "AOL" = "scomp"
Sets FreeField3 to "IP" = $userIP

Called internally by GenericAgent.

=cut

sub Run {
    my $Self = shift;
    my %Param = @_;
    
    # get first article body
    my %Article = $Self->{TicketObject}->ArticleFirstArticle( TicketID => $Param{TicketID} );
    my $body = $Self->{TicketObject}->ArticlePlain( %Article );
    
    # parse body for (last) ip and translate it to userid
    my %HostData = $Self->DissectMessage( $body );
    
    # set customer id (No) and customer email (User)
    if( defined( $HostData{Email} ) ) {
        $Self->{TicketObject}->SetCustomerData(
                                               User => $HostData{Email},
                                               No => $HostData{Email},
                                               TicketID => $Param{TicketID},
                                               UserID => 1,
                                              );
    }
    
    # set freefield1 for AOL automagic report (scomp@aol.net)
    $Self->{TicketObject}->TicketFreeTextSet(
                                             Counter => 1,
                                             Key => "AOL",
                                             Value => "scomp",
                                             TicketID => $Param{TicketID},
                                             UserID => 1,
                                            );
    
    # set freefield3 to userIP
    $Self->{TicketObject}->TicketFreeTextSet(
                                             Counter => 3,
                                             Key => "IP",
                                             Value => $HostData{IP},
                                             TicketID => $Param{TicketID},
                                             UserID => 1,
                                            );
    
    return 1;
}

=item DissectMessage

browse body for spammer ip, resolve, return email, host, ip

  my %UserData = $Dissector->DissectMessage( $body );

%UserData contains Email, Host and IP for our spammer.

=cut

sub DissectMessage {
    my $Self = shift;
    my $body = shift;
    
    my ($ip, $host, $email);
    
    my @in = split /\r?\n/, $body;
    
    foreach $_ (@in) {
        next if !/^X-AOL-IP: ([.\d]+)/;
        $ip = $1;
        # drop ips not in our address space
        next if $ip !~ /$Self->{IPFilter}/;
        $host = gethostbyaddr( inet_aton( $ip ), AF_INET );
        $email = $Self->Host2Email( $host );
    }
    
    return ( Email => $email, Host => $host, IP => $ip );
}

=item Host2Email

Rudimentary conversion from hostname to cust email

  my $email = Host2Email( $host );

=cut

sub Host2Email {
    my $Self = shift;
    my $host = shift;
    $host =~ /$Self->{HostFilter}/;
    my $email = $1 . '@' . $2;
    return $email;
}
1;


=head1 TERMS AND CONDITIONS

This software is part of the OTRS project (http://otrs.org/).

This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see http://www.gnu.org/licenses/gpl.txt.

=head1 VERSION

$Id: AOL_Dissector.pl 508 2004-11-24 11:17:58Z grin $

=cut