Enter recursive discussion of why RBLs suck. On 1/24/03 15:36, "Tony Hlabse" <[EMAIL PROTECTED]> wrote:
Interesting observation ----- Original Message ----- From: "Chris Scharff" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, January 24, 2003 3:49 PM Subject: Re: Using script to get header info > Does your script do reverse DNS lookups on the IP address as well so you can > make sure you didn't just block a major business partner by IP because one > of your users is clueless? > > On 1/24/03 13:27, "Mike" <[EMAIL PROTECTED]> wrote: > > > > Well, I wrestled with this for a few days, and this is what I've come up > with. It may not be pretty, but it works for my purposes. This is a VBA > macro in Outlook 2002. It prompts for a folder, then retrieves the IP > address of the originating server for each message in that folder, reverses > the octets and writes it out to a file, for inclusion in a dns blacklist > file. > > '****************************************** exported from Outlook 2002 *** > Attribute VB_Name = "GetSpam" > ' > ' NOTE: Requires a reference to the Microsoft CDO 1.21 Library > ' > Sub ShowFolderInfo_Click() > > '*** this is the string to search for in the message headers > '*** substitute your own "servername.domain" in the search string > strSMTPSearch = "]) by servername.domain with SMTP" > strSpamOutFile = "c:\spam.txt" > > Set MyNameSpace = Application.GetNamespace("MAPI") > Set myFolder = MyNameSpace.PickFolder > If myFolder Is Nothing Then > MsgBox "User pressed cancel.", vbInformation > Exit Sub > End If > > Set oSession = New MAPI.Session > oSession.Logon > Set oSpamFolder = oSession.GetFolder(myFolder.EntryID) > Set oMsgColl = oSpamFolder.Messages > > If oMsgColl.Count > 0 Then > outfile = FreeFile(0) > Open strSpamOutFile For Output As #outfile > For Each oMessage In oMsgColl > oHeader = oMessage.Fields(&H7D001E) > '^^^^^ this is the full header > > oHeader = Left(oHeader, InStr(oHeader, strSMTPSearch - 1) > '^^^^^ this strips everything after the search string > > oHeader = Right(oHeader, Len(oHeader) - InStrRev(oHeader, "[")) > '^^^^^ this gives us the offending IP address > > strOctet = Split(oHeader, ".") > '^^^^^ this creates an array of the octets > > strBadMachine = strOctet(3) & "." & strOctet(2) & "." &_ > strOctet(1) & "." & strOctet(0) &_ > vbTab & vbTab & "A" & vbTab & "127.0.0.2" > '^^^^^ reverses the octets and builds the dns entry for blacklisting > > Write #outfile, strBadMachine > '^^^^^ and then writes it out to the file > Next > Close outfile > End If > > MsgBox "Finished!" & vbCrLf & vbCrLf & "File is at " & strSpamOutFile > End Sub > '*************************************************************************** > > *** > > The WRITE statement puts double quotes around the string when it's written, > so I still have to load it in notepad and remove those (a simple replace > with nothing). Next I load it into Excel along with the existing blacklist > entries, sort them and save them back out. > > Today I processed 90 new messages in about 3 minutes. Yesterday, that same > task would have taken an hour or more. > > Regards, > Mike > > > -----Original Message----- > From: Ken Cornetet [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 22, 2003 4:31 PM > To: Exchange Maillist > Subject: RE: Using script to get header info > > > Hmmm, I've been wrestling with CDO as of late, and your question piqued my > interest. See > http://support.microsoft.com/default.aspx?scid=KB;en-us;q194870 for code. > > -----Original Message----- > From: Mike [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 22, 2003 4:03 PM > To: Exchange Discussions > Subject: Using script to get header info > > > Hi folks, > > I created a public folder and asked several of our users to move their spam > into it. From there, I can open the messages, view the headers, pluck the IP > > addresses of the offending mail servers, and add them to our internal dns > blacklist. > > Works like a charm, but it's very labor-intensive. > > I wrote some vbscript code that examines all the messages in the folder, and > > returns things like Sender, Subject, etc., all of which are basically > useless to me in this case, but the practice was good. There doesn't seem to > > be any property that will return the header info, no? I don't have a good > reference book handy, but searching through the online MSDN library was > helpful. > > Now it looks like maybe ADO/CDOEX might be the way to go. Does anyone have > any sample code that might give me some pointers? This doesn't have to be > fandy or polished. If I can retrieve the headers, I can parse through them > and find the right "received by" line, and pull the address from that line > and output it to the screen. I'd greatly appreciate any pointers at all, be > it a web page, KB article, book, etc. > > Thanks, > Mike > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]