Enhanced AppleScript rule to check Mail against blackhole lists
Authored by: msk on May 28, '03 12:25:06PM

The posted AppleScript needed some major changes to work in my environment (multiple trusted MTAs between me and the outside world and incompatibility with EIMS, Eudora Internet Mail Server (Mac-only mail server good for 1 to 10,000+ users), used by hobbyists through ISPs).

The changes make the script parse the Received headers one at a time and look up any untrusted IP addresses rather than just the first IP address from a Sendmail-based server.

[code]
(* SpamHolio v0.6-msk
Real Time Blackhole list lookups for E-Mails in your In Box for OS X 10.2/Mail
Applescript by David C. Chen, released under GPL, May 27, 2003
Make sure that the Black Hole List you are checking against allows public use
before you use it, also make sure that you understand how a DNS query against
Black Hole List works and how it could affect your incoming e-mails.
Not responsible for any loss of data or any inaccuracies in processing e-mails.
This is FREEWARE, review and understand the source, use at your own risk!!!

modified May 27, 2003 by M. Kluskens
• parse out all Received headers (important if mail passes through several trusted email servers)
• parse out the IP address from Eudora Internet Mail Server headers (EIMS)
• added trusted IP address list
*)

on perform_mail_action(info)
	
	(* Prompt levels: 0=no dialog boxes, 1=show dialog boxes when Spam is found, 2=show all dialog boxes, 3=debug/verbose *)
	set ShowPrompts to 0
	
	-- list of trusted IP addresses not to look up
	set TrustedIPlist to {"127.0.0.1", "203.97.196.98", "219.88.68.80"}
	
	set BlackListsToCheck to {"bl.spamcop.net", "relays.osirusoft.com", "relays.ordb.org", "blackholes.wirehub.net", "list.dsbl.org", "dynablock.wirehub.net", "dialups.visi.com"}
	
	(* Perform a nslookup against various RBL blacklists as DNS queries by executing the following: *)
	(* nslookup IP4.IP3.IP2.IP1.[blacklist], a result of 127.0.0.2 is usually indicative of a positive match *)
	(* Some Blacklists: bl.spamcop.net, relays.ordb.org, orbs.dorkslayers.com, dev.null.dk, relays.visi.com
	relays.osirusoft.com (a.k.a. SPEWS uses 127.0.0.4 as a positive match) *)
	
	tell application "Mail"
		(* Process messages in the IN Box *)
		
		set NewMail to |SelectedMessages| of info
		repeat with CurrentMessage in NewMail
			set RawSource to source of CurrentMessage
			-- separate out different headers to check more than just the first [] pair
			set HeaderName to "Start" as string
			set ResolvedIP to "Cleared" as string
			set loopCount to 1
			-- checking complete when Subject, Date, From, or To header encountered
			repeat until (HeaderName = "Subject:" or HeaderName = "Date:" or HeaderName = "From:" or HeaderName = "To:")
				set Header to paragraph loopCount of RawSource
				set Headerstart to the (offset of ":" in Header)
				if (Headerstart > 0) then
					set HeaderName to (characters 1 thru Headerstart of Header) as string
					-- append the rest of the header text to the header (plus any uninteresting headers)
					repeat
						set Header2 to paragraph (loopCount + 1) of RawSource
						set HeaderStart2 to the (offset of ":" in Header2)
						if (HeaderStart2 ? 0) then
							set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
							if (HeaderName2 = "Received:" or HeaderName2 = "Subject:" or HeaderName2 = "Date:" or HeaderName2 = "From:" or HeaderName2 = "To:") then exit repeat
						end if
						set loopCount to loopCount + 1
						set Header to (Header & Header2)
					end repeat
					
					if (HeaderName = "Received:") then
						(* Locate the Originating IP Address in the raw E-Mail header *)
						-- Sendmail and others
						set start to the (offset of "[" in Header) + 1
						set finish to the (offset of "]" in Header) - 1
						-- Eudora Internet Mail Server
						if (start = 1 or finish = -1) then
							set start to the (offset of "(" in Header) + 1
							set finish to the (offset of ")" in Header) - 1
						end if
						
						if (start < finish) then
							
							set IPAddress to (characters start thru finish of Header) as string
							if (ShowPrompts > 2) then
								display dialog " Relay's IP " & IPAddress
							end if
							
							if (IPAddress is not in TrustedIPlist) then
								(* Parse the IPAddress text into its IP1.IP2.IP3.IP4 fields, starting from the end IP4 to IP1 *)
								-- IP4 is copied without its leading dot; IP3 and IP2 keep theirs
								copy text (((length of IPAddress) + 2) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP4
								copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
								
								copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP3
								copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
								
								copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP2
								copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IP1
								
								repeat with BlackList in BlackListsToCheck
									-- quoted form of: the name is built from text taken out of the message headers,
									-- so it is passed to the shell as a single quoted argument
									set LookUpResult to do shell script ("nslookup " & quoted form of (IP4 & IP3 & IP2 & "." & IP1 & "." & BlackList))
									
									(* Parse the tail end of the last line looking for a match *)
									
									set resultoffset to (((length of LookUpResult) + 1) - (offset of ":" in (((reverse of characters of LookUpResult)) as string)))
									copy text (resultoffset + 3) thru (resultoffset + 10) of LookUpResult to ResolvedIP
									
									if ResolvedIP = "127.0.0." then
										set ResolvedIP to "SPAM!!!" as string
									else
										set ResolvedIP to "Cleared" as string
									end if
									
									if (ResolvedIP = "SPAM!!!") then exit repeat
								end repeat
							end if -- ( IPAddress is not in TrustedIPlist )
						end if -- ( start < finish )
					end if -- ( HeaderName = "Received:" )
				end if -- ( Headerstart > 0 )
				set loopCount to loopCount + 1
				if (ResolvedIP = "SPAM!!!") then exit repeat
			end repeat -- until
			
			(* If it was listed in the RBL Move message to Junk folder and mark as Junk mail *)
			if (ResolvedIP = "SPAM!!!") then
				if (ShowPrompts > 0) then
					display dialog "Found SPAM listed on " & BlackList & "
Move Message to Junk Mail" & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
				end if
				
				set is junk mail of CurrentMessage to true
				-- change this line to match your junk/spam mailbox
				set mailbox of CurrentMessage to mailbox "Junk"
				
			else
				if (ShowPrompts > 1) then
					display dialog ResolvedIP & " Sender's IP " & IP1 & IP2 & IP3 & "." & IP4 & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
				end if
			end if
			
		end repeat
	end tell
end perform_mail_action
[/code]



[ Reply to This | # ]
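
Added example, not part of msk's post or the SpamHolio script: the same per-header relay check sketched in Python, validating each extracted address as a strict dotted quad and querying the blacklist through the resolver API rather than building an nslookup command line from header text. The function names, the `bl.example` zone and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

TRUSTED = {"127.0.0.1", "203.97.196.98", "219.88.68.80"}  # trusted list from the post
BRACKETED = re.compile(r"[\[(]([0-9.]{7,15})[\])]")  # [a.b.c.d] or EIMS-style (a.b.c.d)
LISTED = ipaddress.ip_network("127.0.0.0/24")  # same "127.0.0." test the script applies

def relay_ips(raw_message, trusted=TRUSTED):
    """Untrusted IPv4 literals from every Received header, in header order."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for candidate in BRACKETED.findall(header):  # folded lines belong to the header
            try:
                ip = str(ipaddress.IPv4Address(candidate))  # strict dotted-quad check
            except ValueError:
                continue  # version strings, host names and other non-IP text
            if ip not in trusted and ip not in found:
                found.append(ip)
    return found

def dnsbl_name(ip, zone):
    """192.0.2.45 + bl.example -> 45.2.0.192.bl.example"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_lookup(name):
    """Ask the OS resolver directly (no shell); None on NXDOMAIN or resolver error."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def first_listing(raw_message, zones, lookup=system_lookup):
    """(ip, zone, answer) for the first relay that any zone lists, else None."""
    for ip in relay_ips(raw_message):
        for zone in zones:
            answer = lookup(dnsbl_name(ip, zone))
            if answer and ipaddress.IPv4Address(answer) in LISTED:
                return ip, zone, answer
    return None

SAMPLE = (  # constructed message using documentation-range addresses
    "Received: from gw.example.org ([203.97.196.98])\n"
    "\tby mail.example.org; Wed, 28 May 2003 12:00:01 -0400\n"
    "Received: from host.example.com (192.0.2.45)\n"
    "\tby gw.example.org with SMTP (Example Mail Server 3.2)\n"
    "Received: from [unknown] by host.example.com (8.12.9/8.12.9)\n"
    "Subject: test\n\nbody\n")
```

Because a resolver error is treated the same as "not listed", this sketch fails open: a blacklist that is slow or unreachable never causes mail to be filed as junk.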
Enhanced AppleScript rule to check Mail against blackhole lists
Authored by: DaveCC on May 28, '03 08:04:39PM

Excellent, just the sort of more intelligent IP Parsing I was looking for (but wasn't good enough with AppleScript to do myself).

Is there a Typo with this line:
if (HeaderStart2 ? 0) then

As this does not compile. Haven't been able to try it out because of this.

Dave C

---
I'm much calmer now that I don't use WinBlow$ anymore.



[ Reply to This | # ]
Enhanced AppleScript rule to check Mail against blackhole lists
Authored by: msk on May 29, '03 02:07:17PM

Side effect of pasting AppleScript into these windows--some of the characters get messed up. In this case the character is "does not equal" (option-= on a Mac keyboard).

I sent Dave the actual script compressed in a StuffIt file and when I remember I'll post the code at <http://users.starpower.net/mkluskens/eims/>.



[ Reply to This | # ]
Enhanced AppleScript rule to check Mail against blackhole lists
Authored by: msk on May 29, '03 04:58:11PM

The > character can also be used in that location, as in:

[code]
set HeaderStart2 to the (offset of ":" in Header2)
if (HeaderStart2 > 0) then
	set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
end if
[/code]



[ Reply to This | # ]
Enhanced script uploaded
Authored by: robg on May 30, '03 09:39:51AM
I have uploaded SpamHolioEIMS.sit to the macosxhints' download site, so just click that link to get the script.

regards; -rob.

[ Reply to This | # ]
Enhanced script uploaded still doesn't move to Spam!
Authored by: jonahlee on Jun 02, '03 10:17:35AM

So now I have the Enhanced AppleScript installed, and while it correctly identifies SPAM that the built-in SPAM checker misses, it still doesn't move it to the Spam filter, whether I have it placed before or after the built-in SPAM filter. Has anyone else figured out the proper way to script moving mail into the Junk folder?

---
- Jonah Lee



[ Reply to This | # ]
Enhanced script uploaded still doesn't move to Spam!
Authored by: msk on Jun 03, '03 08:43:23AM

Perhaps if you renamed the Junk mailbox it would work better; it works at home and at work for me, but my Junk mailbox is called "•Junk" and "Spam" (• is an opt-8 bullet).

Also, if you are using this over a dialup line you should reduce the number of blacklists to maybe one or two, otherwise your pop server will time out on you. Spamcop is a good choice for one.



[ Reply to This | # ]