You are visiting from: US|
| ||||||
|
|
| You are visiting from: US |
spamassassin Bogon IP addresses pluginA recent bogon research projects has showed that almost 5% of all the SPAM email contain an bogon IP address in the headers. To detect this, a plugin for spamassassin has been written. This plugin will scan emails for bogon IP addresses in the "received from" headers. This will improve the spam detection when using spamassassin. It can also be used to do further research regarding bogon ip addresses and spam.
Below is the source code for the spamassassin plugin. There are 2 files:
BOGONRECEIVEDLINE.CFloadplugin BogonReceivedLine bogonreceivedline.pm header BOGONRECEIVEDLINE eval:bogonreceivedline() describe BOGONRECEIVEDLINE Check for begon ip header lines tflags BOGONRECEIVEDLINE net score BOGONRECEIVEDLINE 1 BOGONRECEIVEDLINE.PM
package BogonReceivedLine;
use strict;
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use Net::Netmask;
our @ISA = qw(Mail::SpamAssassin::Plugin);
sub new {
my ($class, $mailsa) = @_;
$class = ref($class) || $class;
my $self = $class->SUPER::new($mailsa);
bless ($self, $class);
$self->register_eval_rule("bogonreceivedline");
return $self;
}
sub bogonreceivedline {
my ($self, $permsgstatus) = @_;
my $hits = 0;
my $received = $permsgstatus->get("Received");
my @recs = split('\n',$received);
for (@recs) {
my $ip;
if ($_ =~ /.+\[(\d+\.\d+\.\d+\.\d+)\]\)/) {
$ip = $1;
if(defined(findNetblock($ip))) {
my $localhost = Net::Netmask->new("127.0.0.1");
if (!$localhost->match($ip)) {
#print STDERR "$ip\t" . findNetblock($ip) . "\n";
$hits = 1;
}
}
}
#print STDERR "ERROR: $_\n";
}
return 1 if $hits;
return 0;
}
my @prefixes;
# download http://www.cymru.com/Documents/bogon-bn-nonagg.txt
# make sure to remove RFC1918 space from the bogon list!!!
open(MYINPUTFILE, ") {
my($line) = $_;
chomp($line);
push(@prefixes, $line);
#$hash{$line};
}
close(MYINPUTFILE);
for my $b (@prefixes) {
my $x = new Net::Netmask ($b);
$x->storeNetblock();
}
1;
|
|
| Andree Toonk.
Last Modified: 10/01/2009 |