Re: [Mimedefang] Help with header checking

2020-11-26 Thread Giovanni Bechis 

On 11/25/20 11:45 AM, Andrea Venturoli wrote:
[...]
> Are Mail::Header and Mail::Field still current? Or are they obsolete? If so, 
> what should be used as a replacement?
> 
> For these messages, I see in the logs:
>> mimedefang.pl[23042]: 0AP2jef2000844: head = %Mail::Header=HASH(0x1fe80ae0)
>> mimedefang.pl[23042]: 0AP2jef2000844: RecHeads = %
> 
> So it seems Mail::Header parsed the message, but either found no Received 
> header (and they are there!) or it's Mail::Field that fails.
> How would I log more data to know what's going on?
> 
> I tried adding:
>>     foreach $key (keys %$head)
>>     {
>>     md_syslog('warning',"$key is $head{$key}");
>>     }
> Alas, only the keys are printed, not the values.
> 
> Any hint?
> 
this very simple parser seems to correctly parse the sample headers you posted, 
maybe there is something wrong inside the "foreach my $rechead (@recheads)"
portion of the code.

 Giovanni


received_hdrs.pl
Description: Perl program
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] Help with header checking

2020-11-26 Thread Giovanni Bechis 
On 11/26/20 11:10 AM, Andrea Venturoli wrote:
> On 11/26/20 8:46 AM, Giovanni Bechis wrote:
>> both Mail::Headers and Mail::Field are still current, are you able to provide
>> a sample "./HEADERS" file ?
>> Just add this snippet after the open(2) call:
>> open(LOGH, '>', "/tmp/headers.log") or die $!;
>> print LOGH ;
>> close LOGH;
> 
> Wouldn't this overwrite the same file again and again?
> I'd need to let it run until that kind of mail arrives and not loose it at 
> the next one.
> Can't it be written to syslog in some way?
> 
sorry, I thought it was reproducible in some way, I think calling 
action_quarantine_entire_message()
as Diane suggested is the correct thing to do in this case.

 Giovanni
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] Help with header checking

2020-11-25 Thread Giovanni Bechis 
On Wed, Nov 25, 2020 at 11:45:11AM +0100, Andrea Venturoli wrote:
> Hello.
> 
> I'm a long time MIMEDefang user, but my PERL knowledge is about zero.
> 
> A long time ago I found some sample code (from a site which does not 
> even exist anymore) and managed to adapt it to my situation.
> 
> Here it is:
> > if (open(HF, "<./HEADERS")) {
> > my $head = Mail::Header->new([]);
> > close HF;
> > md_syslog('warning',"head = %$head");
> > if ($head) {
> > my @recheads = Mail::Field->extract('Received',$head);
> > md_syslog('warning',"RecHeads = %@recheads");
> > foreach my $rechead (@recheads) {
> > ...
> > }
> > }
> > }
> 
both Mail::Headers and Mail::Field are still current, are you able to provide
a sample "./HEADERS" file ?
Just add this snippet after the open(2) call:
open(LOGH, '>', "/tmp/headers.log") or die $!;
print LOGH ;
close LOGH;

> The purpose is to extract Received fields, so to reconstruct the path a 
> message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails on 
> some very frequent spam messages and I have a hard time understanding why.
> 
> So, I'm asking for help from someone who knows PERL.
> 
> Are Mail::Header and Mail::Field still current? Or are they obsolete? If 
> so, what should be used as a replacement?
> 
> For these messages, I see in the logs:
> > mimedefang.pl[23042]: 0AP2jef2000844: head = %Mail::Header=HASH(0x1fe80ae0)
> > mimedefang.pl[23042]: 0AP2jef2000844: RecHeads = %
> 
> So it seems Mail::Header parsed the message, but either found no 
> Received header (and they are there!) or it's Mail::Field that fails.
> How would I log more data to know what's going on?
> 
> I tried adding:
> > foreach $key (keys %$head)
> > {
> > md_syslog('warning',"$key is $head{$key}");
> > }
> Alas, only the keys are printed, not the values.
> 
> Any hint?
> 
>   bye & Thanks
>   av.
> 
> P.S. I'm using PERL 5.32.0.
> ___
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> 
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


signature.asc
Description: PGP signature
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang