line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Sisimai::ARF; |
2
|
7
|
|
|
7
|
|
4637
|
use feature ':5.10'; |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
605
|
|
3
|
7
|
|
|
7
|
|
42
|
use strict; |
|
7
|
|
|
|
|
14
|
|
|
7
|
|
|
|
|
163
|
|
4
|
7
|
|
|
7
|
|
33
|
use warnings; |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
200
|
|
5
|
7
|
|
|
7
|
|
429
|
use Sisimai::Lhost; |
|
7
|
|
|
|
|
17
|
|
|
7
|
|
|
|
|
162
|
|
6
|
7
|
|
|
7
|
|
37
|
use Sisimai::RFC5322; |
|
7
|
|
|
|
|
13
|
|
|
7
|
|
|
|
|
13830
|
|
7
|
|
|
|
|
|
|
|
8
|
2
|
|
|
2
|
0
|
832
|
sub description { return 'Abuse Feedback Reporting Format' } |
9
|
|
|
|
|
|
|
sub is_arf { |
10
|
|
|
|
|
|
|
# Email is a Feedback-Loop message or not |
11
|
|
|
|
|
|
|
# @param [Hash] heads Email header including "Content-Type", "From" and "Subject" field |
12
|
|
|
|
|
|
|
# @return [Integer] 1: Feedback Loop |
13
|
|
|
|
|
|
|
# 0: is not Feedback loop |
14
|
131
|
|
|
131
|
0
|
227
|
my $class = shift; |
15
|
131
|
|
50
|
|
|
308
|
my $heads = shift || return 0; |
16
|
131
|
|
|
|
|
180
|
my $match = 0; |
17
|
|
|
|
|
|
|
|
18
|
131
|
|
|
|
|
223
|
state $reportfrom = qr/(?:staff[@]hotmail[.]com|complaints[@]email-abuse[.]amazonses[.]com)\z/; |
19
|
|
|
|
|
|
|
|
20
|
131
|
100
|
|
|
|
706
|
if( $heads->{'content-type'} =~ /report-type=["]?feedback-report["]?/ ) { |
|
|
100
|
|
|
|
|
|
21
|
|
|
|
|
|
|
# Content-Type: multipart/report; report-type=feedback-report; ... |
22
|
101
|
|
|
|
|
187
|
$match = 1; |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
} elsif( index($heads->{'content-type'}, 'multipart/mixed') > -1 ) { |
25
|
|
|
|
|
|
|
# Microsoft (Hotmail, MSN, Live, Outlook) uses its own report format. |
26
|
|
|
|
|
|
|
# Amazon SES Complaints bounces |
27
|
19
|
|
|
|
|
123
|
my $p = Sisimai::Address->s3s4($heads->{'from'}); |
28
|
19
|
100
|
66
|
|
|
265
|
if( $p =~ $reportfrom && index($heads->{'subject'}, 'complaint about message from ') > -1 ) { |
29
|
|
|
|
|
|
|
# From: staff@hotmail.com |
30
|
|
|
|
|
|
|
# From: complaints@email-abuse.amazonses.com |
31
|
|
|
|
|
|
|
# Subject: complaint about message from 192.0.2.1 |
32
|
15
|
|
|
|
|
33
|
$match = 1; |
33
|
|
|
|
|
|
|
} |
34
|
|
|
|
|
|
|
} |
35
|
131
|
|
|
|
|
511
|
return $match; |
36
|
|
|
|
|
|
|
} |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
sub make { |
39
|
|
|
|
|
|
|
# Detect an error for Feedback Loop |
40
|
|
|
|
|
|
|
# @param [Hash] mhead Message headers of a bounce email |
41
|
|
|
|
|
|
|
# @param [String] mbody Message body of a bounce email |
42
|
|
|
|
|
|
|
# @return [Hash] Bounce data list and message/rfc822 part |
43
|
|
|
|
|
|
|
# @return [Undef] failed to parse or the arguments are missing |
44
|
82
|
|
|
82
|
0
|
456
|
my $class = shift; |
45
|
82
|
|
100
|
|
|
272
|
my $mhead = shift // return undef; |
46
|
81
|
|
50
|
|
|
196
|
my $mbody = shift // return undef; |
47
|
81
|
50
|
|
|
|
225
|
return undef unless is_arf(undef, $mhead); |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
# http://tools.ietf.org/html/rfc5965 |
50
|
|
|
|
|
|
|
# http://en.wikipedia.org/wiki/Feedback_loop_(email) |
51
|
|
|
|
|
|
|
# http://en.wikipedia.org/wiki/Abuse_Reporting_Format |
52
|
|
|
|
|
|
|
# |
53
|
|
|
|
|
|
|
# Netease DMARC uses: This is a spf/dkim authentication-failure report for an email message received from IP |
54
|
|
|
|
|
|
|
# OpenDMARC 1.3.0 uses: This is an authentication failure report for an email message received from IP |
55
|
|
|
|
|
|
|
# Abusix ARF uses: this is an autogenerated email abuse complaint regarding your network. |
56
|
81
|
|
|
|
|
172
|
state $startingof = { |
57
|
|
|
|
|
|
|
'rfc822' => ['Content-Type: message/rfc822', 'Content-Type: text/rfc822-headers'], |
58
|
|
|
|
|
|
|
'report' => ['Content-Type: message/feedback-report'], |
59
|
|
|
|
|
|
|
}; |
60
|
81
|
|
|
|
|
134
|
state $markingsof = { |
61
|
|
|
|
|
|
|
'message' => qr{\A(?> |
62
|
|
|
|
|
|
|
[Tt]his[ ]is[ ]a[ ][^ ]+[ ](?:email[ ])?[Aa]buse[ ][Rr]eport |
63
|
|
|
|
|
|
|
|[Tt]his[ ]is[ ]an[ ]email[ ]abuse[ ]report |
64
|
|
|
|
|
|
|
|[Tt]his[ ]is[ ](?: |
65
|
|
|
|
|
|
|
a[ ][^ ]+[ ]authentication[ -]failure[ ]report |
66
|
|
|
|
|
|
|
|an[ ]authentication[ -]failure[ ]report |
67
|
|
|
|
|
|
|
|an[ ]autogenerated[ ]email[ ]abuse[ ]complaint |
68
|
|
|
|
|
|
|
|an?[ ][^ ]+[ ]report[ ]for |
69
|
|
|
|
|
|
|
) |
70
|
|
|
|
|
|
|
) |
71
|
|
|
|
|
|
|
}x, |
72
|
|
|
|
|
|
|
}; |
73
|
81
|
|
|
|
|
183
|
state $indicators = Sisimai::Lhost->INDICATORS; |
74
|
81
|
|
|
|
|
188
|
state $longfields = Sisimai::RFC5322->LONGFIELDS; |
75
|
81
|
|
|
|
|
179
|
state $rfc822head = Sisimai::RFC5322->HEADERFIELDS; |
76
|
|
|
|
|
|
|
|
77
|
81
|
|
|
|
|
334
|
my $dscontents = [Sisimai::Lhost->DELIVERYSTATUS]; |
78
|
81
|
|
|
|
|
232
|
my $rfc822part = ''; # (String) message/rfc822-headers part |
79
|
81
|
|
|
|
|
125
|
my $previousfn = ''; # (String) Previous field name |
80
|
81
|
|
|
|
|
141
|
my $readcursor = 0; # (Integer) Points the current cursor position |
81
|
81
|
|
|
|
|
99
|
my $recipients = 0; # (Integer) The number of 'Final-Recipient' header |
82
|
81
|
|
|
|
|
131
|
my $rcptintext = ''; # (String) Recipient address in the message body |
83
|
81
|
|
|
|
|
283
|
my $commondata = { |
84
|
|
|
|
|
|
|
'diagnosis' => '', # Error message |
85
|
|
|
|
|
|
|
'from' => '', # Original-Mail-From: |
86
|
|
|
|
|
|
|
'rhost' => '', # Reporting-MTA: |
87
|
|
|
|
|
|
|
}; |
88
|
81
|
|
|
|
|
388
|
my $arfheaders = { |
89
|
|
|
|
|
|
|
'feedbacktype' => '', # Feedback-Type: |
90
|
|
|
|
|
|
|
'rhost' => '', # Source-IP: |
91
|
|
|
|
|
|
|
'agent' => '', # User-Agent: |
92
|
|
|
|
|
|
|
'date' => '', # Arrival-Date: |
93
|
|
|
|
|
|
|
'authres' => '', # Authentication-Results: |
94
|
|
|
|
|
|
|
}; |
95
|
81
|
|
|
|
|
177
|
my $v = undef; |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
# 3.1. Required Fields |
98
|
|
|
|
|
|
|
# |
99
|
|
|
|
|
|
|
# The following report header fields MUST appear exactly once: |
100
|
|
|
|
|
|
|
# |
101
|
|
|
|
|
|
|
# o "Feedback-Type" contains the type of feedback report (as defined |
102
|
|
|
|
|
|
|
# in the corresponding IANA registry and later in this memo). This |
103
|
|
|
|
|
|
|
# is intended to let report parsers distinguish among different |
104
|
|
|
|
|
|
|
# types of reports. |
105
|
|
|
|
|
|
|
# |
106
|
|
|
|
|
|
|
# o "User-Agent" indicates the name and version of the software |
107
|
|
|
|
|
|
|
# program that generated the report. The format of this field MUST |
108
|
|
|
|
|
|
|
# follow section 14.43 of [HTTP]. This field is for documentation |
109
|
|
|
|
|
|
|
# only; there is no registry of user agent names or versions, and |
110
|
|
|
|
|
|
|
# report receivers SHOULD NOT expect user agent names to belong to a |
111
|
|
|
|
|
|
|
# known set. |
112
|
|
|
|
|
|
|
# |
113
|
|
|
|
|
|
|
# o "Version" indicates the version of specification that the report |
114
|
|
|
|
|
|
|
# generator is using to generate the report. The version number in |
115
|
|
|
|
|
|
|
# this specification is set to "1". |
116
|
|
|
|
|
|
|
# |
117
|
81
|
|
|
|
|
931
|
for my $e ( split("\n", $$mbody) ) { |
118
|
|
|
|
|
|
|
# Read each line between the start of the message and the start of rfc822 part. |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
# This is an email abuse report for an email message with the |
121
|
|
|
|
|
|
|
# message-id of 0000-000000000000000000000000000000000@mx |
122
|
|
|
|
|
|
|
# received from IP address 192.0.2.1 on |
123
|
|
|
|
|
|
|
# Thu, 29 Apr 2010 00:00:00 +0900 (JST) |
124
|
2511
|
100
|
33
|
|
|
8198
|
$commondata->{'diagnosis'} ||= $e if $e =~ $markingsof->{'message'}; |
125
|
|
|
|
|
|
|
|
126
|
2511
|
100
|
|
|
|
3497
|
unless( $readcursor ) { |
127
|
|
|
|
|
|
|
# Beginning of the bounce message or message/delivery-status part |
128
|
538
|
100
|
|
|
|
1319
|
$readcursor |= $indicators->{'deliverystatus'} if index($e, $startingof->{'report'}->[0]) == 0; |
129
|
|
|
|
|
|
|
} |
130
|
|
|
|
|
|
|
|
131
|
2511
|
100
|
|
|
|
3638
|
unless( $readcursor & $indicators->{'message-rfc822'} ) { |
132
|
|
|
|
|
|
|
# Beginning of the original message part |
133
|
1238
|
100
|
100
|
|
|
4060
|
if( index($e, $startingof->{'rfc822'}->[0]) == 0 || |
134
|
|
|
|
|
|
|
index($e, $startingof->{'rfc822'}->[1]) == 0 ) { |
135
|
76
|
|
|
|
|
164
|
$readcursor |= $indicators->{'message-rfc822'}; |
136
|
76
|
|
|
|
|
123
|
next; |
137
|
|
|
|
|
|
|
} |
138
|
|
|
|
|
|
|
} |
139
|
|
|
|
|
|
|
|
140
|
2435
|
100
|
|
|
|
3582
|
if( $readcursor & $indicators->{'message-rfc822'} ) { |
141
|
|
|
|
|
|
|
# message/rfc822 OR text/rfc822-headers part |
142
|
1273
|
100
|
|
|
|
3437
|
if( $e =~ /X-HmXmrOriginalRecipient:[ ]*(.+)\z/ ) { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
143
|
|
|
|
|
|
|
# Microsoft ARF: original recipient. |
144
|
15
|
|
|
|
|
63
|
$dscontents->[-1]->{'recipient'} = Sisimai::Address->s3s4($1); |
145
|
15
|
|
|
|
|
39
|
$recipients++; |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
# The "X-HmXmrOriginalRecipient" header appears only once so |
148
|
|
|
|
|
|
|
# we take this opportunity to hard-code ARF headers missing in |
149
|
|
|
|
|
|
|
# Microsoft's implementation. |
150
|
15
|
|
|
|
|
30
|
$arfheaders->{'feedbacktype'} = 'abuse'; |
151
|
15
|
|
|
|
|
36
|
$arfheaders->{'agent'} = 'Microsoft Junk Mail Reporting Program'; |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
} elsif( $e =~ /\AFrom:[ ]*(.+)\z/ ) { |
154
|
|
|
|
|
|
|
# Microsoft ARF: original sender. |
155
|
71
|
|
66
|
|
|
289
|
$commondata->{'from'} ||= Sisimai::Address->s3s4($1); |
156
|
71
|
|
|
|
|
132
|
$previousfn = 'from'; |
157
|
|
|
|
|
|
|
|
158
|
|
|
|
|
|
|
} elsif( $e =~ /\A[ \t]+/ ) { |
159
|
|
|
|
|
|
|
# Continued line from the previous line |
160
|
207
|
100
|
|
|
|
401
|
if( $previousfn eq 'from' ) { |
161
|
|
|
|
|
|
|
# Multiple lines at From: field |
162
|
5
|
|
|
|
|
15
|
$commondata->{'from'} .= $e; |
163
|
5
|
|
|
|
|
12
|
next; |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
} else { |
166
|
202
|
50
|
|
|
|
360
|
$rfc822part .= $e."\n" if exists $longfields->{ $previousfn }; |
167
|
202
|
50
|
|
|
|
445
|
next if length $e; |
168
|
|
|
|
|
|
|
} |
169
|
0
|
0
|
|
|
|
0
|
$rcptintext .= $e if $previousfn eq 'to'; |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
} else { |
172
|
|
|
|
|
|
|
# Get required headers only |
173
|
980
|
|
|
|
|
2674
|
my($lhs, $rhs) = split(/:[ ]*/, $e, 2); |
174
|
980
|
100
|
100
|
|
|
2607
|
next unless $lhs = lc($lhs || ''); |
175
|
|
|
|
|
|
|
|
176
|
859
|
|
|
|
|
920
|
$previousfn = ''; |
177
|
859
|
100
|
|
|
|
1911
|
next unless exists $rfc822head->{ $lhs }; |
178
|
|
|
|
|
|
|
|
179
|
309
|
|
|
|
|
369
|
$previousfn = $lhs; |
180
|
309
|
|
|
|
|
600
|
$rfc822part .= $e."\n"; |
181
|
309
|
100
|
|
|
|
693
|
$rcptintext = $rhs if $lhs eq 'to'; |
182
|
|
|
|
|
|
|
} |
183
|
|
|
|
|
|
|
} else { |
184
|
|
|
|
|
|
|
# message/feedback-report part |
185
|
1162
|
100
|
|
|
|
1820
|
next unless $readcursor & $indicators->{'deliverystatus'}; |
186
|
705
|
100
|
|
|
|
1168
|
next unless length $e; |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
# Feedback-Type: abuse |
189
|
|
|
|
|
|
|
# User-Agent: SomeGenerator/1.0 |
190
|
|
|
|
|
|
|
# Version: 0.1 |
191
|
|
|
|
|
|
|
# Original-Mail-From: |
192
|
|
|
|
|
|
|
# Original-Rcpt-To: |
193
|
|
|
|
|
|
|
# Received-Date: Thu, 29 Apr 2009 00:00:00 JST |
194
|
|
|
|
|
|
|
# Source-IP: 192.0.2.1 |
195
|
644
|
|
|
|
|
743
|
$v = $dscontents->[-1]; |
196
|
|
|
|
|
|
|
|
197
|
644
|
100
|
100
|
|
|
4418
|
if( $e =~ /\AOriginal-Rcpt-To:[ ]+[<]?(.+)[>]?\z/ || |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
198
|
|
|
|
|
|
|
$e =~ /\ARedacted-Address:[ ]([^ ].+[@])\z/ ) { |
199
|
|
|
|
|
|
|
# Original-Rcpt-To header field is optional and may appear any |
200
|
|
|
|
|
|
|
# number of times as appropriate: |
201
|
|
|
|
|
|
|
# Original-Rcpt-To: |
202
|
|
|
|
|
|
|
# Redacted-Address: localpart@ |
203
|
71
|
100
|
|
|
|
199
|
if( $v->{'recipient'} ) { |
204
|
|
|
|
|
|
|
# There are multiple recipient addresses in the message body. |
205
|
35
|
|
|
|
|
110
|
push @$dscontents, Sisimai::Lhost->DELIVERYSTATUS; |
206
|
35
|
|
|
|
|
67
|
$v = $dscontents->[-1]; |
207
|
|
|
|
|
|
|
} |
208
|
71
|
|
|
|
|
261
|
$v->{'recipient'} = Sisimai::Address->s3s4($1); |
209
|
71
|
|
|
|
|
136
|
$recipients++; |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
} elsif( $e =~ /\AFeedback-Type:[ ]*([^ ]+)\z/ ) { |
212
|
|
|
|
|
|
|
# The header field MUST appear exactly once. |
213
|
|
|
|
|
|
|
# Feedback-Type: abuse |
214
|
66
|
|
|
|
|
310
|
$arfheaders->{'feedbacktype'} = $1; |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
} elsif( $e =~ /\AAuthentication-Results:[ ]*(.+)\z/ ) { |
217
|
|
|
|
|
|
|
# "Authentication-Results" indicates the result of one or more |
218
|
|
|
|
|
|
|
# authentication checks run by the report generator. |
219
|
|
|
|
|
|
|
# |
220
|
|
|
|
|
|
|
# Authentication-Results: mail.example.com; |
221
|
|
|
|
|
|
|
# spf=fail smtp.mail=somespammer@example.com |
222
|
25
|
|
|
|
|
102
|
$arfheaders->{'authres'} = $1; |
223
|
|
|
|
|
|
|
|
224
|
|
|
|
|
|
|
} elsif( $e =~ /\AUser-Agent:[ ]*(.+)\z/ ) { |
225
|
|
|
|
|
|
|
# The header field MUST appear exactly once. |
226
|
|
|
|
|
|
|
# User-Agent: SomeGenerator/1.0 |
227
|
66
|
|
|
|
|
215
|
$arfheaders->{'agent'} = $1; |
228
|
|
|
|
|
|
|
|
229
|
|
|
|
|
|
|
} elsif( $e =~ /\A(?:Received|Arrival)-Date:[ ]*(.+)\z/ ) { |
230
|
|
|
|
|
|
|
# Arrival-Date header is optional and MUST NOT appear more than |
231
|
|
|
|
|
|
|
# once. |
232
|
|
|
|
|
|
|
# Received-Date: Thu, 29 Apr 2010 00:00:00 JST |
233
|
|
|
|
|
|
|
# Arrival-Date: Thu, 29 Apr 2010 00:00:00 +0000 |
234
|
51
|
|
|
|
|
209
|
$arfheaders->{'date'} = $1; |
235
|
|
|
|
|
|
|
|
236
|
|
|
|
|
|
|
} elsif( $e =~ /\AReporting-MTA:[ ]*dns;[ ]*(.+)\z/ ) { |
237
|
|
|
|
|
|
|
# The header is optional and MUST NOT appear more than once. |
238
|
|
|
|
|
|
|
# Reporting-MTA: dns; mx.example.jp |
239
|
0
|
|
|
|
|
0
|
$commondata->{'rhost'} = $1; |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
} elsif( $e =~ /\ASource-I[Pp]:[ ]*(.+)\z/ ) { |
242
|
|
|
|
|
|
|
# The header is optional and MUST NOT appear more than once. |
243
|
|
|
|
|
|
|
# Source-IP: 192.0.2.45 |
244
|
46
|
|
|
|
|
151
|
$arfheaders->{'rhost'} = $1; |
245
|
|
|
|
|
|
|
|
246
|
|
|
|
|
|
|
} elsif( $e =~ /\AOriginal-Mail-From:[ ]*(.+)\z/ ) { |
247
|
|
|
|
|
|
|
# the header is optional and MUST NOT appear more than once. |
248
|
|
|
|
|
|
|
# Original-Mail-From: |
249
|
50
|
|
33
|
|
|
385
|
$commondata->{'from'} ||= Sisimai::Address->s3s4($1); |
250
|
|
|
|
|
|
|
} |
251
|
|
|
|
|
|
|
} # End of if: rfc822 |
252
|
|
|
|
|
|
|
} |
253
|
|
|
|
|
|
|
|
254
|
81
|
50
|
66
|
|
|
491
|
if( ($arfheaders->{'feedbacktype'} eq 'auth-failure' ) && $arfheaders->{'authres'} ) { |
255
|
|
|
|
|
|
|
# Append the value of Authentication-Results header |
256
|
15
|
|
|
|
|
69
|
$commondata->{'diagnosis'} .= ' '.$arfheaders->{'authres'} |
257
|
|
|
|
|
|
|
} |
258
|
|
|
|
|
|
|
|
259
|
81
|
100
|
|
|
|
204
|
unless( $recipients ) { |
260
|
|
|
|
|
|
|
# The original recipient address was not found |
261
|
30
|
100
|
|
|
|
171
|
if( $rfc822part =~ /^To: (.+[@].+)$/m ) { |
262
|
|
|
|
|
|
|
# pick the address from To: header in message/rfc822 part. |
263
|
15
|
|
|
|
|
59
|
$dscontents->[-1]->{'recipient'} = Sisimai::Address->s3s4($1); |
264
|
|
|
|
|
|
|
|
265
|
|
|
|
|
|
|
} else { |
266
|
|
|
|
|
|
|
# Insert pseudo recipient address when there is no valid recipient |
267
|
|
|
|
|
|
|
# address in the message. |
268
|
15
|
|
|
|
|
125
|
$dscontents->[-1]->{'recipient'} = Sisimai::Address->undisclosed('r'); |
269
|
|
|
|
|
|
|
} |
270
|
30
|
|
|
|
|
69
|
$recipients = 1; |
271
|
|
|
|
|
|
|
} |
272
|
|
|
|
|
|
|
|
273
|
81
|
50
|
|
|
|
288
|
unless( $rfc822part =~ /\bFrom: [^ ]+[@][^ ]+\b/ ) { |
274
|
|
|
|
|
|
|
# There is no "From:" header in the original message |
275
|
|
|
|
|
|
|
# Append the value of "Original-Mail-From" value as a sender address. |
276
|
81
|
100
|
|
|
|
340
|
$rfc822part .= 'From: '.$commondata->{'from'}."\n" if $commondata->{'from'}; |
277
|
|
|
|
|
|
|
} |
278
|
|
|
|
|
|
|
|
279
|
81
|
100
|
|
|
|
331
|
if( $mhead->{'subject'} =~ /complaint about message from (\d{1,3}[.]\d{1,3}[.]\d{1,3}[.]\d{1,3})/ ) { |
280
|
|
|
|
|
|
|
# Microsoft ARF: remote host address. |
281
|
15
|
|
|
|
|
65
|
$arfheaders->{'rhost'} = $1; |
282
|
|
|
|
|
|
|
$commondata->{'diagnosis'} = sprintf( |
283
|
|
|
|
|
|
|
"This is a Microsoft email abuse report for an email message received from IP %s on %s", |
284
|
15
|
|
|
|
|
87
|
$arfheaders->{'rhost'}, $mhead->{'date'}); |
285
|
|
|
|
|
|
|
} |
286
|
|
|
|
|
|
|
|
287
|
81
|
|
|
|
|
208
|
for my $e ( @$dscontents ) { |
288
|
|
|
|
|
|
|
# AOL = http://forums.cpanel.net/f43/aol-brutal-work-71473.html |
289
|
116
|
100
|
|
|
|
362
|
$e->{'recipient'} = Sisimai::Address->s3s4($rcptintext) if $e->{'recipient'} =~ /\A[^ ]+[@]\z/; |
290
|
116
|
|
66
|
|
|
1606
|
$e->{ $_ } ||= $arfheaders->{ $_ } for keys %$arfheaders; |
291
|
116
|
|
|
|
|
269
|
delete $e->{'authres'}; |
292
|
|
|
|
|
|
|
|
293
|
116
|
|
|
|
|
254
|
$e->{'softbounce'} = -1; |
294
|
116
|
|
33
|
|
|
479
|
$e->{'diagnosis'} ||= $commondata->{'diagnosis'}; |
295
|
116
|
|
|
|
|
609
|
$e->{'diagnosis'} = Sisimai::String->sweep($e->{'diagnosis'}); |
296
|
116
|
|
66
|
|
|
422
|
$e->{'date'} ||= $mhead->{'date'}; |
297
|
116
|
|
|
|
|
219
|
$e->{'reason'} = 'feedback'; |
298
|
116
|
|
|
|
|
183
|
$e->{'command'} = ''; |
299
|
116
|
|
|
|
|
178
|
$e->{'action'} = ''; |
300
|
116
|
|
|
|
|
155
|
$e->{'agent'} = 'Feedback-Loop'; |
301
|
|
|
|
|
|
|
|
302
|
|
|
|
|
|
|
# Get the remote IP address from the message body |
303
|
116
|
100
|
|
|
|
312
|
next if $e->{'rhost'}; |
304
|
20
|
50
|
|
|
|
129
|
if( $commondata->{'rhost'} ) { |
|
|
50
|
|
|
|
|
|
305
|
|
|
|
|
|
|
# The value of "Reporting-MTA" header |
306
|
0
|
|
|
|
|
0
|
$e->{'rhost'} = $commondata->{'rhost'}; |
307
|
|
|
|
|
|
|
|
308
|
|
|
|
|
|
|
} elsif( $e->{'diagnosis'} =~ /\breceived from IP address ([^ ]+)/ ) { |
309
|
|
|
|
|
|
|
# This is an email abuse report for an email message received |
310
|
|
|
|
|
|
|
# from IP address 24.64.1.1 on Thu, 29 Apr 2010 00:00:00 +0000 |
311
|
0
|
|
|
|
|
0
|
$e->{'rhost'} = $1; |
312
|
|
|
|
|
|
|
} |
313
|
|
|
|
|
|
|
} |
314
|
81
|
|
|
|
|
597
|
return { 'ds' => $dscontents, 'rfc822' => $rfc822part }; |
315
|
|
|
|
|
|
|
} |
316
|
|
|
|
|
|
|
|
317
|
|
|
|
|
|
|
1; |
318
|
|
|
|
|
|
|
__END__ |