1 | #!/usr/bin/perl
|
---|
2 | # Extract relay IP, URI hosts from mail in folder
|
---|
3 | # Hack-n-patch from:
|
---|
4 | # Heavily reworked from original:
|
---|
5 | # dmz@dmzs.com - March 19, 2004
|
---|
6 | # http://www.dmzs.com/tools/files/spam.phtml
|
---|
7 | # LGPL
|
---|
8 | # by:
|
---|
9 | # Kris Deugau <kdeugau@deepnet.cx> 2009/01/21
|
---|
10 | # Kris Deugau <kdeugau@deepnet.cx> 2009/05/19
|
---|
11 | ##wrapreq libmail-imapclient-perl (>=3.11), libio-socket-ssl-perl, install-sa
|
---|
12 | ##wrapver 0.1
|
---|
13 | ##wrapsum Extract relay IP and URI hosts from mail in IMAP folder
|
---|
14 | # $Id: extract-data 30 2011-01-25 22:10:03Z kdeugau $
|
---|
15 | # $URL$
|
---|
16 |
|
---|
17 | use strict;
|
---|
18 | use warnings;
|
---|
19 | use Time::Local;
|
---|
20 | use POSIX qw(strftime);
|
---|
21 | use IO::Socket::SSL;
|
---|
22 | use Mail::IMAPClient;
|
---|
23 | use Getopt::Std;
|
---|
24 | use NetAddr::IP;
|
---|
25 |
|
---|
26 | # hmm. can't make (enough) sense of the docs. gonna have to parse headers for IPs myself... :/
|
---|
27 | # but we did find enough to extract the URIs...
|
---|
28 | use lib '/opt/spamassassin/share/perl/5.10.0';
|
---|
29 | use Mail::SpamAssassin;
|
---|
30 | use Mail::SpamAssassin::PerMsgStatus;
|
---|
31 |
|
---|
32 | my %opts;
|
---|
33 | getopts("druv", \%opts);
|
---|
34 |
|
---|
35 | my $debug = ($opts{d} ? 1 : 0);
|
---|
36 | my $sadebug = 0; # sa-learn -D spits out a LOT of useless crap - better to only activate if specifically needed
|
---|
37 | my $imapdebug = 0; # so does Mail::IMAPClient... as in, the whole content of all the mail you look at. O_o
|
---|
38 | my $delete_after_learning = 0; # set to 1 if you want to delete mail right away after learning
|
---|
39 | # - note this makes it rather harder to deep-scan the messages to create local rules
|
---|
40 | my $verbose = ($opts{v} ? 1 : 0);
|
---|
41 |
|
---|
42 | my $tmpdir = '/var/tmp';
|
---|
43 | my $salearn = '/usr/local/bin/sa-learn';
|
---|
44 | my $learnargs = ($sadebug ? ' -D' : '').' --showdots ';
|
---|
45 |
|
---|
46 | die "eeep! $salearn doesn't exist!\n" if ! -e $salearn;
|
---|
47 |
|
---|
48 | my $folder = 'reported.needsextraction';
|
---|
49 | #my $folder = 'confirmed';
|
---|
50 |
|
---|
51 | # non-SSL IMAP settings:
|
---|
52 | #my $imap = Mail::IMAPClient->new( Server=> 'imapmailhost:143',
|
---|
53 | # User => 'imapspamuser',
|
---|
54 | # Password => 'imapspamuserpassword',
|
---|
55 | # Debug => $imapdebug);
|
---|
56 |
|
---|
57 | my $imap = Mail::IMAPClient->new(
|
---|
58 | User => 'junkmail',
|
---|
59 | Password => 'k3c86z2',
|
---|
60 | Socket => IO::Socket::SSL->new(
|
---|
61 | Proto => 'tcp',
|
---|
62 | PeerAddr => 'mail.company.com',
|
---|
63 | PeerPort => 993, # IMAP over SSL standard port
|
---|
64 | ),
|
---|
65 | Debug => $imapdebug,
|
---|
66 | )
|
---|
67 |
|
---|
68 | or die "IMAP login failed: $@\n";
|
---|
69 |
|
---|
70 | if (!defined($imap)) { die "IMAP Login Failed"; }
|
---|
71 |
|
---|
72 | my $msgcount = $imap->message_count($folder);
|
---|
73 |
|
---|
74 | # If debugging, print out the total counts for each mailbox
|
---|
75 | print $msgcount, " message(s) to process\n" if $debug;
|
---|
76 |
|
---|
77 | ## Process the spam mailbox
|
---|
78 | $imap->select($folder);
|
---|
79 | my @msgs = $imap->search("ALL");
|
---|
80 |
|
---|
81 | # Since the data goes into files anyway, why not make a mockery of a maildir and let sa-learn iterate over it?
|
---|
82 | #my $spamtmp = "$tmpdir/spam.".time.".$$"; # this should give us a suitably pseudorandom directory
|
---|
83 | #mkdir $spamtmp or die "couldn't create temporary pen for spam: $!";
|
---|
84 |
|
---|
85 | my $spamtest = Mail::SpamAssassin->new();
|
---|
86 | # don't keep dereferencing this
|
---|
87 |
|
---|
88 | my %iplist;
|
---|
89 | my %urilist;
|
---|
90 |
|
---|
91 | # put together an array of netblocks we won't/can't list for various reasons
|
---|
92 | my @dontlistme = (
|
---|
93 | # Microsoft/Hotmail/Windows Live Mail
|
---|
94 | #IP-Network 207.68.128.0/18
|
---|
95 | #IP-Network 207.68.192.0/20
|
---|
96 | #IP-Network-Block 207.068.128.000 - 207.068.207.255
|
---|
97 | NetAddr::IP->new("65.52.0.0/14"),
|
---|
98 | NetAddr::IP->new("207.68.176.96/27"),
|
---|
99 | #IP-Network 157.54.0.0/15
|
---|
100 | #IP-Network 157.56.0.0/14
|
---|
101 | #IP-Network 157.60.0.0/16
|
---|
102 | NetAddr::IP->new("157.55.0.192/27"),
|
---|
103 | NetAddr::IP->new("157.55.0.225"),
|
---|
104 | NetAddr::IP->new("157.55.0.226"),
|
---|
105 | #IP-Network 207.46.0.0/16
|
---|
106 | NetAddr::IP->new("207.46.66.0/28"),
|
---|
107 |
|
---|
108 | # AOL - note only some IPs show mail-ish rDNS
|
---|
109 | #IP-Network 205.188.0.0/16
|
---|
110 | #IP-Network 64.12.0.0/16
|
---|
111 | NetAddr::IP->new("64.12.78.136/30"),
|
---|
112 | NetAddr::IP->new("64.12.78.142"),
|
---|
113 | NetAddr::IP->new("64.12.100.31"),
|
---|
114 | NetAddr::IP->new("64.12.143.144/30"),
|
---|
115 | NetAddr::IP->new("64.12.143.152/30"),
|
---|
116 | NetAddr::IP->new("64.12.206.39"),
|
---|
117 | NetAddr::IP->new("64.12.206.40/30"),
|
---|
118 | NetAddr::IP->new("64.12.207.128/27"),
|
---|
119 | NetAddr::IP->new("64.12.207.144/29"),
|
---|
120 | NetAddr::IP->new("64.12.207.152/30"),
|
---|
121 | NetAddr::IP->new("64.12.207.160/28"),
|
---|
122 | NetAddr::IP->new("64.12.207.176/29"),
|
---|
123 | #IP-Network 205.188.0.0/16
|
---|
124 | NetAddr::IP->new("205.188.91.94/31"),
|
---|
125 | NetAddr::IP->new("205.188.91.96/31"),
|
---|
126 | NetAddr::IP->new("205.188.105.143"),
|
---|
127 | NetAddr::IP->new("205.188.105.144/30"),
|
---|
128 | NetAddr::IP->new("205.188.169.196/29"),
|
---|
129 | NetAddr::IP->new("205.188.249.128/29"),
|
---|
130 | NetAddr::IP->new("205.188.249.64/29"),
|
---|
131 | NetAddr::IP->new("205.188.169.200/23"),
|
---|
132 |
|
---|
133 | # Google/GMail
|
---|
134 | NetAddr::IP->new("209.85.128.0/17"),
|
---|
135 | NetAddr::IP->new("72.14.192.0/18"),
|
---|
136 | NetAddr::IP->new("74.125.0.0/16"),
|
---|
137 |
|
---|
138 | # Yahoo!/Inktomi
|
---|
139 | NetAddr::IP->new("98.136.0.0/14"),
|
---|
140 | NetAddr::IP->new("66.196.64.0/18"),
|
---|
141 | NetAddr::IP->new("67.195.0.0/16"),
|
---|
142 | NetAddr::IP->new("69.147.64.0/18"),
|
---|
143 | NetAddr::IP->new("206.190.32.0/18"),
|
---|
144 | NetAddr::IP->new("68.142.192.0/18"),
|
---|
145 | NetAddr::IP->new("216.252.96.0/19"),
|
---|
146 | NetAddr::IP->new("124.83.128.0/17"),
|
---|
147 | NetAddr::IP->new("217.146.184.0/21"),
|
---|
148 | NetAddr::IP->new("124.108.96.0/20"),
|
---|
149 | NetAddr::IP->new("76.13.0.0/16"),
|
---|
150 | NetAddr::IP->new("68.180.128.0/17"),
|
---|
151 | NetAddr::IP->new("209.191.64.0/18"),
|
---|
152 | NetAddr::IP->new("212.82.104.0/21"),
|
---|
153 | NetAddr::IP->new("66.163.160.0/19"),
|
---|
154 | #inetnum: 87.248.110.0 - 87.248.111.255
|
---|
155 | #route: 87.248.104.0/21
|
---|
156 | NetAddr::IP->new("87.248.110.0/23"),
|
---|
157 | NetAddr::IP->new("203.188.200.0/22"),
|
---|
158 | NetAddr::IP->new("217.12.0.0/20"),
|
---|
159 | NetAddr::IP->new("77.238.184.0/23"),
|
---|
160 | #IP-Network 74.6.0.0/16
|
---|
161 | NetAddr::IP->new("74.6.114.48/24"),
|
---|
162 | NetAddr::IP->new("74.6.228.32/27"),
|
---|
163 | NetAddr::IP->new("74.6.228.64/26"),
|
---|
164 | NetAddr::IP->new("202.165.96.0/21"),
|
---|
165 | #route: 87.248.112.0/21
|
---|
166 | #inetnum: 87.248.114.0 - 87.248.115.255
|
---|
167 | NetAddr::IP->new("87.248.114.0/24"),
|
---|
168 | #route: 116.214.0.0/20
|
---|
169 | NetAddr::IP->new("116.214.12.0/24"),
|
---|
170 | NetAddr::IP->new("202.86.4.0/22"),
|
---|
171 | NetAddr::IP->new("77.238.188/23"),
|
---|
172 | NetAddr::IP->new("217.146.182.0/23"),
|
---|
173 | NetAddr::IP->new("114.111.64.0/18"),
|
---|
174 | NetAddr::IP->new("115.178.12.0/23"),
|
---|
175 | NetAddr::IP->new("121.101.151.212"),
|
---|
176 | #inetnum: 121.101.144.0 - 121.101.159.255
|
---|
177 | NetAddr::IP->new("121.101.144.0/20"),
|
---|
178 | NetAddr::IP->new("66.94.224.0/19"),
|
---|
179 | NetAddr::IP->new("203.104.16.0/21"),
|
---|
180 |
|
---|
181 | # MessageLabs - may add these to trusted_networks instead
|
---|
182 | NetAddr::IP->new("85.158.139.0/24"),
|
---|
183 | # observed: .35, .51
|
---|
184 | NetAddr::IP->new("194.106.220.0/23"),
|
---|
185 | NetAddr::IP->new("193.109.254.0/23"),
|
---|
186 | NetAddr::IP->new("119.161.0.0/19"),
|
---|
187 | # buh? rDNS says Yahoo, but...
|
---|
188 | #inetnum: 203.209.224.0 - 203.209.255.255
|
---|
189 | #descr: Alibaba (Beijing) Technology Co., Ltd.
|
---|
190 | NetAddr::IP->new("203.209.230.22"),
|
---|
191 |
|
---|
192 | # Bell Canada - note only some IPs show mail-ish rDNS
|
---|
193 | #IP-Network 209.226.0.0/16
|
---|
194 | #IP-Network 207.236.0.0/16
|
---|
195 | NetAddr::IP->new("209.226.175.0/24"),
|
---|
196 | NetAddr::IP->new("207.236.237.0/26"),
|
---|
197 |
|
---|
198 | # Craigslist
|
---|
199 | #IP-Network 208.82.236.0/22
|
---|
200 | NetAddr::IP->new("208.82.236.0/22"),
|
---|
201 |
|
---|
202 | # Apple.com/mac.com - note only some IPs show mail-ish rDNS
|
---|
203 | #IP-Network 17.0.0.0/8
|
---|
204 | # asmtpout0(11-30).mac.com
|
---|
205 | # 17.148.16. 011 -> 86 030 -> 105
|
---|
206 | NetAddr::IP->new("17.148.16.64/26"),
|
---|
207 |
|
---|
208 | # Vodafone - note only some IPs show mail-ish rDNS
|
---|
209 | #route: 212.183.128.0/19
|
---|
210 | NetAddr::IP->new("212.183.156.224/29"),
|
---|
211 |
|
---|
212 | # Facebook - only exclude mail-ish hostnames
|
---|
213 | #IP-Network 69.63.176.0/20
|
---|
214 | # .178.160/27 plus a few more to 199 show mailish rDNS
|
---|
215 | NetAddr::IP->new("69.63.178.160/27"),
|
---|
216 | NetAddr::IP->new("69.63.178.192/29"),
|
---|
217 | #IP-Network 66.220.144.0/20
|
---|
218 | NetAddr::IP->new("66.220.144.128/26"),
|
---|
219 |
|
---|
220 | # IBM Lotus Live - rdns mostly mail
|
---|
221 | #CIDR: 8.12.152.0/24
|
---|
222 | NetAddr::IP->new("8.12.152.0/24"),
|
---|
223 |
|
---|
224 | # ISPs
|
---|
225 | # Eastlink (formerly Persona [Sudbury etc]) - only a few IPs observed with mail-ish rDNS
|
---|
226 | #IP-Network 24.222.0.0/16
|
---|
227 | NetAddr::IP->new("24.222.0.30"),
|
---|
228 | NetAddr::IP->new("24.224.136.0/27"),
|
---|
229 |
|
---|
230 | # Cogeco - only a few IPs observed with mail-ish rDNS
|
---|
231 | #IP-Network 216.221.64.0/19
|
---|
232 | NetAddr::IP->new("216.221.81.192"),
|
---|
233 | NetAddr::IP->new("216.221.81.25"),
|
---|
234 | NetAddr::IP->new("216.221.81.28/30"),
|
---|
235 | NetAddr::IP->new("216.221.81.96/30"),
|
---|
236 | # seznam.cz
|
---|
237 | #route: 77.75.72.0/23
|
---|
238 | NetAddr::IP->new("77.75.72.44"),
|
---|
239 |
|
---|
240 | # T-Online - only mail-ish hostnames
|
---|
241 | #route: 194.25.0.0/16
|
---|
242 | #inetnum: 194.25.134.0 - 194.25.134.255
|
---|
243 | #netname: DTOS-ULM-001
|
---|
244 | #descr: www.t-online.de
|
---|
245 | #descr: mail.t-online.de
|
---|
246 | #descr: php.t-online.de
|
---|
247 | NetAddr::IP->new("194.25.134.80/29"),
|
---|
248 |
|
---|
249 | # Telestra (Australia)
|
---|
250 | #inetnum: 61.9.128.0 - 61.9.255.255
|
---|
251 | # may miss one or two
|
---|
252 | # .168.135-152
|
---|
253 | NetAddr::IP->new("61.9.168.136/29"),
|
---|
254 | NetAddr::IP->new("61.9.168.144/29"),
|
---|
255 | # .189.132-152
|
---|
256 | NetAddr::IP->new("61.9.189.132/30"),
|
---|
257 | NetAddr::IP->new("61.9.189.136/29"),
|
---|
258 | NetAddr::IP->new("61.9.189.144/29"),
|
---|
259 | # "TelestraClear" - related to above?
|
---|
260 | #inetnum: 203.97.0.0 - 203.97.127.255
|
---|
261 | NetAddr::IP->new("203.97.33.64"),
|
---|
262 | NetAddr::IP->new("203.97.33.68"),
|
---|
263 | NetAddr::IP->new("203.97.37.64"),
|
---|
264 |
|
---|
265 | # Earthlink
|
---|
266 | #IP-Network 207.69.0.0/16
|
---|
267 | NetAddr::IP->new("207.69.200.28"),
|
---|
268 |
|
---|
269 | # Sprint
|
---|
270 | #IP-Network 68.24.0.0/13
|
---|
271 | # actually their PCS mail relay, so sez rDNS
|
---|
272 | NetAddr::IP->new("68.28.27.84"),
|
---|
273 |
|
---|
274 | # Vodafone (New Zealand)
|
---|
275 | # inetnum: 203.109.128.0 - 203.109.159.255
|
---|
276 | NetAddr::IP->new("203.109.136/28"),
|
---|
277 |
|
---|
278 | ## Edumactional places
|
---|
279 |
|
---|
280 | # UAlberta - only one IP observed with mail-ish rDNS
|
---|
281 | #IP-Network 129.128.0.0/16
|
---|
282 | NetAddr::IP->new("129.128.5.19"),
|
---|
283 |
|
---|
284 | # Queens University
|
---|
285 | #IP-Network 130.15.0.0/16
|
---|
286 | NetAddr::IP->new("130.15.241.183"),
|
---|
287 |
|
---|
288 | # University of Maryland Baltimore County - mail servers only
|
---|
289 | #CIDR: 130.85.0.0/16
|
---|
290 | NetAddr::IP->new("130.85.25.76/30"),
|
---|
291 |
|
---|
292 | # University of Florida
|
---|
293 | #IP-Network 128.227.0.0/16
|
---|
294 | NetAddr::IP->new("128.227.74.70"),
|
---|
295 | NetAddr::IP->new("128.227.74.149"),
|
---|
296 | NetAddr::IP->new("128.227.74.165"),
|
---|
297 |
|
---|
298 | # University of Texas
|
---|
299 | #IP-Network 129.109.0.0/16
|
---|
300 | NetAddr::IP->new("129.109.195.0/28"),
|
---|
301 |
|
---|
302 | # Roxbury Community College
|
---|
303 | #IP-Network 209.104.233.0/24
|
---|
304 | NetAddr::IP->new("209.104.233.247"),
|
---|
305 |
|
---|
306 | # Stanford University
|
---|
307 | #IP-Network 171.64.0.0/14
|
---|
308 | NetAddr::IP->new("171.67.219.80/30"),
|
---|
309 |
|
---|
310 | # Cleveland State University
|
---|
311 | #IP-Network 137.148.0.0/16
|
---|
312 | NetAddr::IP->new("137.148.18.13/32"),
|
---|
313 |
|
---|
314 | # University of Missouri - dba the Missouri Research and Education Network (MOREnet)
|
---|
315 | #CIDR: 204.184.0.0/15
|
---|
316 | NetAddr::IP->new("204.185.165.125"),
|
---|
317 |
|
---|
318 | # Yale University
|
---|
319 | #IP-Network 130.132.0.0/16
|
---|
320 | NetAddr::IP->new("130.132.50.7"),
|
---|
321 |
|
---|
322 | # Rutgers University
|
---|
323 | #IP-Network 165.230.0.0/16
|
---|
324 | NetAddr::IP->new("165.230.151.182"),
|
---|
325 |
|
---|
326 | # Clemson University
|
---|
327 | #IP-Network 130.127.0.0/16
|
---|
328 | NetAddr::IP->new("130.127.235.21"),
|
---|
329 |
|
---|
330 | # Wilkes University
|
---|
331 | #IP-Network 146.94.0.0/16
|
---|
332 | NetAddr::IP->new("146.94.192.152"),
|
---|
333 |
|
---|
334 | # Virginia Community College System
|
---|
335 | #IP-Network 164.106.0.0/16
|
---|
336 | NetAddr::IP->new("164.106.130.251"),
|
---|
337 |
|
---|
338 | # University of Virginia
|
---|
339 | #IP-Network 199.111.0.0/16
|
---|
340 | # Mary Washington College
|
---|
341 | #IP-Network 199.111.64.0/19
|
---|
342 | NetAddr::IP->new("199.111.84.18"),
|
---|
343 |
|
---|
344 | #inetnum: 130.95.0.0 - 130.95.255.255
|
---|
345 | #address: The University of Western Australia
|
---|
346 | NetAddr::IP->new("130.95.3.211"),
|
---|
347 |
|
---|
348 | #inetnum: 130.56.0.0 - 130.56.255.255
|
---|
349 | #address: IIS, Australian National University
|
---|
350 | NetAddr::IP->new("130.56.64.134"),
|
---|
351 |
|
---|
352 | #IP-Network 129.81.0.0/16
|
---|
353 | #Org-Name Tulane University
|
---|
354 | NetAddr::IP->new("129.81.224.84"),
|
---|
355 |
|
---|
356 | # List servers
|
---|
357 | # Debian listserver - relays spam, so we can't list it.
|
---|
358 | NetAddr::IP->new("82.195.75.100"),
|
---|
359 |
|
---|
360 | # ESPs
|
---|
361 | # moderately abusable, but mostly legit
|
---|
362 | # Org-Name iContact (Broadwick Corp./Preation Inc.)
|
---|
363 | NetAddr::IP->new("216.27.93.0/25"),
|
---|
364 |
|
---|
365 | # are these guys an ESP? rDNS in many blocks shows secureserver.net, with SMTPish overtones
|
---|
366 | #Org-Name GoDaddy.com, Inc.
|
---|
367 | #IP-Network 64.202.160.0/19
|
---|
368 | NetAddr::IP->new("64.202.160.0/24"),
|
---|
369 | NetAddr::IP->new("64.202.165.0/26"),
|
---|
370 | NetAddr::IP->new("64.202.165.180/30"),
|
---|
371 | NetAddr::IP->new("64.202.165.192/29"),
|
---|
372 | NetAddr::IP->new("64.202.165.224/28"),
|
---|
373 | #IP-Network 72.167.0.0/16
|
---|
374 | NetAddr::IP->new("72.167.82.80/29"),
|
---|
375 | NetAddr::IP->new("72.167.82.90"),
|
---|
376 | #IP-Network 173.201.0.0/16
|
---|
377 | NetAddr::IP->new("173.201.192.0/24"),
|
---|
378 |
|
---|
379 | # EmailBrain - note no actual netblocks of their own. :(
|
---|
380 | NetAddr::IP->new("66.100.171.162"),
|
---|
381 | #163.171.100.66.in-addr.arpa domain name pointer eb08.ebhost9.com.
|
---|
382 | #164.171.100.66.in-addr.arpa domain name pointer a.eb08.ebhost9.com.
|
---|
383 | #165.171.100.66.in-addr.arpa domain name pointer b.eb08.ebhost9.com.
|
---|
384 | #166.171.100.66.in-addr.arpa domain name pointer c.eb08.ebhost9.com.
|
---|
385 |
|
---|
386 |
|
---|
387 | # eBay/PayPal
|
---|
388 | NetAddr::IP->new("66.211.160.0/19"),
|
---|
389 |
|
---|
390 | # Misc legit
|
---|
391 | # Texas Instruments
|
---|
392 | #IP-Network 192.94.94.0/24
|
---|
393 | NetAddr::IP->new("192.94.94.40"),
|
---|
394 |
|
---|
395 | ); # done def for @dontlistme
|
---|
396 |
|
---|
397 | MSG: for (my $i=0; $i<$msgcount; $i++) {
|
---|
398 | my $msg = $imap->message_string($msgs[$i]);
|
---|
399 |
|
---|
400 | my $mail = $spamtest->parse($msg);
|
---|
401 | my $status = $spamtest->check($mail);
|
---|
402 |
|
---|
403 | # stolen from SA plugin bits
|
---|
404 | #sub parsed_metadata {
|
---|
405 | # my ($self, $opts) = @_;
|
---|
406 | # my $scanner = $status->{permsgstatus};
|
---|
407 |
|
---|
408 | my $skip_domains = $status->{main}->{conf}->{uridnsbl_skip_domains};
|
---|
409 |
|
---|
410 | # Generate the full list of html-parsed domains.
|
---|
411 | my $uris = $status->get_uri_detail_list();
|
---|
412 |
|
---|
413 | # print "$msgs[$i]\n";
|
---|
414 | my %msguris;
|
---|
415 |
|
---|
416 | while (my($uri, $info) = each %{$uris}) {
|
---|
417 | # we want to skip mailto: uris
|
---|
418 | next if ($uri =~ /^mailto:/);
|
---|
419 |
|
---|
420 | # no domains were found via this uri, so skip
|
---|
421 | next unless ($info->{domains});
|
---|
422 |
|
---|
423 | next if $info->{types}->{img};
|
---|
424 | foreach ( keys %{ $info->{domains} } ) {
|
---|
425 | if (exists $skip_domains->{$_}) {
|
---|
426 | next;
|
---|
427 | }
|
---|
428 | $msguris{$_}++;
|
---|
429 | #print " ".$_."\n";
|
---|
430 | }
|
---|
431 |
|
---|
432 | # print "$uri ".$info->{anchor_text}."\n";
|
---|
433 | }
|
---|
434 |
|
---|
435 | foreach (keys %msguris) {
|
---|
436 | # print " $_ $msguris{$_}\n";
|
---|
437 | $urilist{$_}++;
|
---|
438 | }
|
---|
439 |
|
---|
440 | # now, get the relay IP
|
---|
441 |
|
---|
442 | my $stmsg = $status->get_message();
|
---|
443 | my @untrusted = @{$stmsg->{metadata}->{relays_untrusted}};
|
---|
444 |
|
---|
445 | my $relayip = new NetAddr::IP $untrusted[0]->{ip};
|
---|
446 |
|
---|
447 | # sigh. messages tagged as spam already make life difficult by hiding the
|
---|
448 | # old Received: headers. We'll just handle them manually for now.
|
---|
449 | if (!$relayip) {
|
---|
450 | print "phtui: ";
|
---|
451 | my %headerlist = %{$imap->parse_headers($msgs[$i], "Received", "Subject")};
|
---|
452 | my $recvnum = 0;
|
---|
453 | my $recv = $headerlist{'Received'}[$recvnum];
|
---|
454 | print "$recv\n";
|
---|
455 | print " $headerlist{'Subject'}[0]\n";
|
---|
456 | next MSG;
|
---|
457 | }
|
---|
458 |
|
---|
459 | foreach my $block (@dontlistme) {
|
---|
460 | next MSG if $relayip->within($block);
|
---|
461 | }
|
---|
462 |
|
---|
463 | $iplist{$relayip->addr}++ if $relayip;
|
---|
464 |
|
---|
465 | # last if $i > 2;
|
---|
466 | sleep 1;
|
---|
467 | } # IMAP message iteration
|
---|
468 |
|
---|
469 | # mm. don't really need times on the IP lists
|
---|
470 | #if ($opts{r}) {
|
---|
471 | # print strftime("# %Y/%m/%d %H:%M", localtime())."\n";
|
---|
472 | #}
|
---|
473 | foreach my $ip (sort keys %iplist) {
|
---|
474 | $ip =~ /(\d+)\.(\d+)\.(\d+)\.(\d+)/;
|
---|
475 | if ($opts{r}) {
|
---|
476 | print "+$4.$3.$2.$1.spamhosts.company.com:127.0.0.2:900:::\n";
|
---|
477 | } else {
|
---|
478 | print "$ip\t $iplist{$ip}\n";
|
---|
479 | }
|
---|
480 | }
|
---|
481 |
|
---|
482 | if ($opts{u}) {
|
---|
483 | print strftime("# %Y/%m/%d %H:%M", localtime())."\n";
|
---|
484 | }
|
---|
485 | foreach my $uri (sort keys %urilist) {
|
---|
486 | my @hout = qx { host '$uri.multi.uribl.com'; host '$uri.company.dnsbl.' };
|
---|
487 | if ($hout[0] =~ /NXDOMAIN/ && $hout[1] =~ /NXDOMAIN/) {
|
---|
488 | if ($opts{u}) {
|
---|
489 | print "+$uri.uribl.company.com:127.0.0.2:900:::\n";
|
---|
490 | } else {
|
---|
491 | # URI plus count
|
---|
492 | print "$uri\t$urilist{$uri}\n";
|
---|
493 | }
|
---|
494 | }
|
---|
495 | }
|
---|
496 |
|
---|
497 | $imap->close();
|
---|
498 |
|
---|
499 | # Close IMAP connection cleanly.
|
---|
500 | $imap->logout();
|
---|
501 |
|
---|
502 | # integrate learned stuff - journal sync etc IFF bayes_journal is set AND you want to sync right away
|
---|
503 | # irrelevant for SQL Bayes
|
---|
504 | #my $sarebuild = `/usr/bin/sa-learn --rebuild`;
|
---|
505 | #print "-------\nRebuild: ",$sarebuild,"\n-------\n" if $debug;
|
---|