Closed msimerson closed 9 years ago
The SPF plugin shouldn't be an issue because of the way the ipv6 addresses are parsed. The bounce_spf stuff though yeah - I thought I'd been careful with the regexps, but I guess not. Do you happen to have the headers of that message?
Do you happen to have the headers of that message?
Only the ones I saved in ES, which are not likely the ones you want:
"From": "<postmaster@frgi.onmicrosoft.com>"
"To": "<K*****tt@s******s.com>"
"Subject": "Undeliverable: cabana Beverage"
Yeah - I need the Received headers. Surprised you don't store the whole set of headers in ES in one big field (I'm doing that here).
Actually - I just realised; that wouldn't help anyway - the Received headers in this case would be in the message body of a MIME part as we're talking about a bounce.
Indeed. My intent is to (when I find time) introduce a test case that exercises this.
I think this a much better regexp than my original:
^Received:.*[\[\(](\d+\.\d+\.\d+\.\d+|[a-fA-F0-9]+:{1,2}[a-fA-F0-9:]+)[\]\)]
I think this a much better regexp than my original
I think your received parsing regexp should go in utils, where it could get covered by a nice variety of Received headers. The utils version should replace the regexp in connect.geoip that also parses Received headers. A future data.headers
function that checks for a Network Level Consistent path (the from-domain of the current Received: header belongs to the same network prefix as the by-domain of the previous Received: header) would also use it.
PR #1120
I think also the regexp should go in the utils. @msimerson will you do the take it to the utils?
Maybe just need to pre-validate, or use try / catch to better handle this.