Hi Eric -- actually, there is such a thing in SpamAssassin 3.0.x ;)
e.g.:

  header HELO_DYNAMIC_HCC X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*\d+[^\d\s]+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i

it doesn't extract *everything*, but does cover quite a lot; rDNS, HELO,
IP, "received by" hostname, ident, envelope-from, whether the host was in
internal_networks, the SMTP ID string used in the Received line, and
whether signs of authentication were present.

You can see it in -D output:

  debug: metadata: X-Spam-Relays-Trusted:
  debug: metadata: X-Spam-Relays-Untrusted: [ ip=199.172.62.20 rdns=europe.std.com helo=europe.std.com by=mail.netnoteinc.com ident= envfrom= intl=0 id=392E1114061 auth= ] [ ip=199.172.62.134 rdns=sgi04-e.std.com helo=sgi04-e.std.com by=europe.std.com ident= envfrom= intl=0 id=RAA08749 auth= ] [ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8278330 auth= ] [ ip=199.172.62.134 rdns=sgi04-e.std.com helo=sgi04-e.std.com by=europe.std.com ident= envfrom= intl=0 id=RAA07541 auth= ] [ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8416421 auth= ] [ ip=208.192.102.199 rdns=ppp0c199.std.com helo=!208.192.102.193! by=world.std.com ident= envfrom= intl=0 id=RAA14226 auth= ]

or change your config to use the _RELAYSTRUSTED_ and _RELAYSUNTRUSTED_
tag items in a header, to get them in rewritten mails, e.g.

  add_header all Relays-Trusted _RELAYSTRUSTED_
  add_header all Relays-Untrusted _RELAYSUNTRUSTED_

--j.

Eric A. Hall writes:
> I'm revisiting some rulesets that I'm wanting to write, but am struggling
> again with the lack of Received header parsing. The rules I want to have
> available to me are:
>
>   1) Check for a reverse-DNS match
>
>   2) Check for HELO (versus EHLO)
>
>   3) Check for TLS
>
> In order to do this, I really need an array of Received header meta-data
> (might also benefit from separate arrays of trusted vs untrusted Received
> headers but that's not needed right now).
>
> Array entries should go from top to bottom with RCVD_HDR[0] (or whatever)
> being the top-most header. Each array entry should have elements for
> hostname, HELO/EHLO, recipient, and the other elements described in
> RFC2821 for Received headers, as well as a full-text representation of the
> header (unwrapped into a single line).
>
> I'm aware that the syntax and structure of Received headers vary
> dramatically across implementations (and even across installations of a
> specific implementation), and that this can become pretty difficult, but
> this is really needed in order to do protocol-level validity tests from
> within SA.
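
Added example (not part of the original message and not SpamAssassin code): a Python sketch that turns the X-Spam-Relays-Untrusted metadata shown in the -D output into the per-relay array the question asks for, flags relays whose HELO differs from rDNS, and applies the message's HELO_DYNAMIC_HCC regex. The function names and the example.net/example.org entry are hypothetical; it assumes field values contain no whitespace, as in the quoted output.

```python
import re

# Rule pattern copied from the message (HELO_DYNAMIC_HCC), /i flag as re.I.
HELO_DYNAMIC_HCC = re.compile(
    r"^[^\]]+ helo=\S*\d+[^\d\s]+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\.", re.I)

# Three of the relay entries from the -D output quoted in the message.
PAGE_SAMPLE = (
    "[ ip=199.172.62.20 rdns=europe.std.com helo=europe.std.com "
    "by=mail.netnoteinc.com ident= envfrom= intl=0 id=392E1114061 auth= ] "
    "[ ip=199.172.62.5 rdns=world-f.std.com helo=world.std.com "
    "by=sgi04-e.std.com ident= envfrom= intl=0 id=RAA8278330 auth= ] "
    "[ ip=208.192.102.199 rdns=ppp0c199.std.com helo=!208.192.102.193! "
    "by=world.std.com ident= envfrom= intl=0 id=RAA14226 auth= ]"
)

# Constructed entry (not from the message): documentation IP and names.
CONSTRUCTED = (
    "[ ip=192.0.2.77 rdns=host12-34.dsl.example.net "
    "helo=host12-34.dsl.example.net by=mx.example.org ident= envfrom= "
    "intl=0 id=ABC123 auth= ]"
)


def parse_relays(metadata):
    """Return one dict per '[ key=value ... ]' entry, top-most relay first."""
    relays = []
    for body in re.findall(r"\[([^\]]*)\]", metadata):
        fields = {}
        for token in body.split():
            key, sep, value = token.partition("=")
            if sep:  # ignore anything that is not key=value
                fields[key] = value  # empty string when the field is blank
        relays.append(fields)
    return relays


def helo_rdns_mismatches(relays):
    """IPs of relays that have an rDNS name and a HELO string that differs."""
    return [r["ip"] for r in relays
            if r.get("rdns") and r.get("helo", "").lower() != r["rdns"].lower()]


def first_relay_is_dynamic(metadata):
    """Apply the message's regex; '^[^\\]]+' confines it to the first entry."""
    return HELO_DYNAMIC_HCC.search(metadata) is not None
```

Because the rule's pattern starts with `^[^\]]+`, it can only match inside the first bracketed entry, so a dynamic-looking HELO further down the relay chain does not trigger it.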