Blue-Labs / Blam

Blue Labs anti-muggle milter (mail filter)

relay host extraction does a poor job on numerous forms of Received headers #16

Open FirefighterBlu3 opened 8 years ago

FirefighterBlu3 commented 8 years ago
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: by mail-oi0-f54.google.com with smtp id o124so39700293oia.3         for <mjh@itys.net>; thu, 28 jan 2016 19:19:16 -0800 (pst)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: by 10.202.4.10 with smtp id 10csp822783oie;         thu, 28 jan 2016 19:19:12 -0800 (pst)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net. [217.70.183.195])         by mx.google.com with esmtps id m196si8102120wmg.68.2016.01.28.19.19.12         for <mjharmon@gmail.com>         (version=tls1_2 cipher=ecdhe-rsa-aes128-gcm-sha256 bits=128/128);         thu, 28 jan 2016 19:19:12 -0800 (pst)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: from spool.mail.gandi.net (mspool9-d.mgt.gandi.net [10.0.21.140])  by relay3-d.mail.gandi.net (postfix) with esmtp id caad6a80bf;  fri, 29 jan 2016 04:19:10 +0100 (cet)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: from mfilter35-d.gandi.net (mfilter35-d.gandi.net [217.70.178.166])  by spool.mail.gandi.net (postfix) with esmtp id a7ef459d72;  fri, 29 jan 2016 04:19:10 +0100 (cet)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: from spool.mail.gandi.net ([ipv6:::ffff:10.0.21.140])  by mfilter35-d.gandi.net (mfilter35-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024)  with esmtp id vqdzr3xyvqrp; fri, 29 jan 2016 04:19:08 +0100 (cet)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: from sc-ord-mta112.mtasv.net (sc-ord-mta112.mtasv.net [50.31.156.112])  by spool.mail.gandi.net (postfix) with esmtps id 0127559d74  for <mjh@norsec.org>; fri, 29 jan 2016 04:19:07 +0100 (cet)
03:19:30 W 0.1  10.255.0.4:39677 unable to re match Received header, please check: by sc-ord-mta112.mtasv.net id hlbd2o1jk5kf for <mjh@norsec.org>; thu, 28 jan 2016 22:19:07 -0500 (envelope-from <pm_bounces@pmbounces.asana.com>)
FirefighterBlu3 commented 8 years ago

Commit fa42b05 starts addressing this with a set of regexes to try.
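One way to handle the Received forms logged above is to split the header into its clauses instead of matching it with a single regex. This is an added example, not Blam's code and not the contents of commit fa42b05; the function names are hypothetical, Python is assumed to match the project, and the sample values are copied from the log lines in this issue with whitespace runs collapsed.

```python
import ipaddress
import re

# Clause keywords (RFC 5321 section 4.4) plus parentheses, so comments can be skipped.
TOKEN = re.compile(r'[()]|(?<![\w.@-])(from|by|via|with|id|for)\s', re.I)
# Address literal in square brackets, optionally tagged "ipv6:".
BRACKETED = re.compile(r'\[(?:ipv6:)?([0-9a-f:.]+)\]', re.I)

def split_clauses(header):
    """Map each clause keyword to its value, ignoring keywords inside (comments)."""
    body = header.rsplit(';', 1)[0]  # the date follows the last ';'
    depth, marks = 0, []
    for m in TOKEN.finditer(body):
        if m.group(1) is None:  # a parenthesis: track comment nesting
            depth = max(depth + (1 if m.group(0) == '(' else -1), 0)
        elif depth == 0:
            marks.append((m.group(1).lower(), m.start(), m.end()))
    marks.append((None, len(body), len(body)))  # sentinel closing the last clause
    clauses = {}
    for (kw, _, end), (_, stop, _) in zip(marks, marks[1:]):
        clauses.setdefault(kw, body[end:stop].strip())  # first occurrence wins
    return clauses

def endpoint(value):
    """Return (name, ip) for a from/by clause value; either may be None."""
    name = value.split('(', 1)[0].strip().rstrip('.') or None
    for cand in BRACKETED.findall(value) + [name or '']:
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:
            continue
        # Report IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
        return name, str(getattr(ip, 'ipv4_mapped', None) or ip)
    return name, None

def parse_received(header):
    """Extract relay endpoints from one unfolded Received header value."""
    c = split_clauses(header)
    (src, src_ip), (dst, dst_ip) = endpoint(c.get('from', '')), endpoint(c.get('by', ''))
    return {'from': src, 'from_ip': src_ip, 'by': dst, 'by_ip': dst_ip,
            'with': c.get('with'), 'id': c.get('id')}

# Header values copied from the log lines in this issue (already lowercased there).
SAMPLES = [
    'by 10.202.4.10 with smtp id 10csp822783oie; thu, 28 jan 2016 19:19:12 -0800 (pst)',
    'from relay3-d.mail.gandi.net (relay3-d.mail.gandi.net. [217.70.183.195]) by mx.google.com with esmtps id m196si8102120wmg.68.2016.01.28.19.19.12 for <mjharmon@gmail.com> (version=tls1_2 cipher=ecdhe-rsa-aes128-gcm-sha256 bits=128/128); thu, 28 jan 2016 19:19:12 -0800 (pst)',
    'from spool.mail.gandi.net ([ipv6:::ffff:10.0.21.140]) by mfilter35-d.gandi.net (mfilter35-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with esmtp id vqdzr3xyvqrp; fri, 29 jan 2016 04:19:08 +0100 (cet)',
    'by sc-ord-mta112.mtasv.net id hlbd2o1jk5kf for <mjh@norsec.org>; thu, 28 jan 2016 22:19:07 -0500 (envelope-from <pm_bounces@pmbounces.asana.com>)',
]
```

The `from` name is whatever the sending client announced, so for filtering decisions only the bracketed address recorded by a relay you control should be relied on.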