clientip and CustomConfig.pm

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jul 19 18:55:39 IST 2007


Matt Standish wrote:
> Hi,
> I recently posted a similar message to the mailwatch list and after
> further research I think it may be better asked here. I would also
> like to add that the MailScanner source is documented beautifully.
> Thanks for a great product.
Thanks! Glad you like the comments :-)
I try to work by putting in the comments first, to form the code 
structure, then just drop in the code to do what the docs say it should 
do. Works most of the time.

>
> I would like to alter MailWatch.pm in customfunctions to log the IP
> address of the original sender of the message or the last sender
> before my spamassassin trusted_networks list.  Currently it logs
> clientip which is the previous hop.  This would do if I could list my
> scanner as the MX but because of my institutions size this is simply
> not possible.
>
> For example if I have a message that took this path:
>
> 10.10.100.1 badguy.spam.net
> 192.168.100.1  evil.internet.com
> 192.168.200.1  untrusted.internet.com
> 192.168.1.1  trustedrelay.mydomain.com
> 192.168.15.1 trustedrelay2.mydomain.com
> 192.168.10.1 mymailscanner.mydomain.com
>
> spamassassin trusted_networks = 192.168.15.1/32 192.168.10.1/32 192.168.1.1/32
>
> 192.168.1.1 and 192.168.15.1 would not be logged but 192.168.200.1 would.
>
> I am looking through Message.pm and CustomConfig.pm to try and create
> another function to grab this info from the headers.  Am I correct in
> assuming that I would add the function in CustomConfig.pm to avoid
> problems when upgrading?  Am I even looking in the right place?  Has
> this already been done?
You would have to parse the Received: headers, which SpamAssassin does, 
so you could borrow their code. You are right in saying the 
CustomConfig.pm (or any .pm file in the CustomFunctions directory, which 
may be easier to maintain) is the right place to put code that won't get 
over-written by an upgrade.

You could add a CustomFunction to any old configuration setting that 
simply returns a yes/no value for example, with the side-effect of it 
working out a new property of the $message object. You could create your 
own property $message->{untrustedclientip} and then tweak MailWatch to 
log that property as well as, or instead of, the $message->{clientip} 
property.

Hope that points you in the right direction.

Jules.
>
>
> Any ideas?
> Thanks.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
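
The approach described in the reply above, as an added example that is not part of the original message and is not MailScanner, MailWatch or SpamAssassin code: walk the Received: headers newest-first and store the first relay outside the trusted list in $message->{untrustedclientip}. It assumes $message->{headers} is an array reference of header lines, Received lines laid out as "from helo (rdns [ip]) by host", and IPv4 only; ip2int, is_trusted, first_untrusted_ip and the sample headers are constructed for illustration.

```perl
use strict; use warnings;

# Trusted relays, copied from the trusted_networks line in the question.
my @TRUSTED = qw(192.168.15.1/32 192.168.10.1/32 192.168.1.1/32);

# Dotted quad -> integer, or undef if it is not a valid IPv4 address.
sub ip2int {
    my @o = split /\./, shift;
    return if @o != 4 || grep { !/^\d{1,3}$/ || $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if the address falls inside any CIDR block in @TRUSTED.
sub is_trusted {
    my $addr = ip2int(shift);
    return 0 unless defined $addr;
    for my $cidr (@TRUSTED) {
        my ($net, $bits) = (split(m{/}, $cidr), 32);   # no "/n" means /32
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) == (ip2int($net) & $mask);
    }
    return 0;
}

# Walk Received: headers newest-first; return the first relay IP outside
# @TRUSTED. Returns undef if every hop is trusted or a header will not parse:
# headers below an unverified hop were written by hosts we cannot vouch for.
sub first_untrusted_ip {
    (my $text = join "\n", @_) =~ s/\r?\n[ \t]+/ /g;   # unfold continuations
    for my $h (grep { /^Received:/i } split /\r?\n/, $text) {
        # Assumed layout: "Received: from helo (rdns [ip]) by host ..."
        my ($ip) = $h =~ /^Received:\s*from\s+\S+\s+\([^)]*?\[([\d.]+)\]/i;
        return unless defined $ip && defined ip2int($ip);
        return $ip unless is_trusted($ip);
    }
    return;
}

# Constructed headers for the relay path in the question (newest first).
my @headers = (
    "Received: from trustedrelay2.mydomain.com (trustedrelay2.mydomain.com [192.168.15.1])\n\tby mymailscanner.mydomain.com",
    "Received: from trustedrelay.mydomain.com (trustedrelay.mydomain.com [192.168.1.1]) by trustedrelay2.mydomain.com",
    "Received: from untrusted.internet.com (untrusted.internet.com [192.168.200.1]) by trustedrelay.mydomain.com",
    "Received: from evil.internet.com (evil.internet.com [192.168.100.1]) by untrusted.internet.com",
    "Received: from badguy.spam.net (badguy.spam.net [10.10.100.1]) by evil.internet.com",
);

# Stand-in for MailScanner's $message; headers as an array ref is an assumption.
my $message = { clientip => '192.168.15.1', headers => \@headers };
$message->{untrustedclientip} = first_untrusted_ip(@{ $message->{headers} });
print 'untrustedclientip = ', $message->{untrustedclientip} // 'unknown', "\n";
```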


