Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- #
- # This script takes a series of ARF messages, and stores certain attributes
- # about these messages, so that other applications can easily look into
- # only the messages that they care about without having to go into lots
- # and lots of files.
- use strict;
- use Time::ParseDate; # libtime-modules-perl
- use lib( '/abuse/AUP/lib' );
- use Email::ARF::Report;
- use MLDBM;
- use Fcntl;
- my %o;
- my $dbm = tie %o, 'MLDBM', '/abuse/AUP/bin/complaintdb', O_CREAT|O_RDWR, 0640 or die $!;
- REPORT:for my $filename ( <> ){
- chomp( $filename );
- my $fn_comp;
- if( $filename =~ /(\/data\/staff\/abuse\/fbl\/)(\S+)/ ){
- $fn_comp = $2;
- }
- if( defined $o{$fn_comp}){
- print "Skipping [$filename]\n";
- next REPORT;
- }
- print "opening [$filename]\n";
- open FD, "<$filename";
- my $text = do { local $/ ; <FD>; };
- close FD;
- my $report = Email::ARF::Report->new( $text ) or next REPORT;
- my $evidence = $report->original_email();
- my $auth;
- $auth = NAMEOFFUNCTIONTHATEXTRACTSACCOUNTNAME $_ for ( $evidence->header( "X-Session-Marker" ) );
- $auth = lc $auth;
- if( $auth =~ /^$/){
- $o{ $fn_comp } = { };
- print "Skipping forward [$filename]\n";
- next REPORT;
- }
- my $epoch;
- RECEIVED:for my $received ( $evidence->header( "Received" ) ) {
- if( $received =~ /by omf\d+\.(?:(?:a|b)\.)?hostedemail\.com/ ){
- $epoch = parsedate( $1 ) if $received =~ /;(.+)/;
- last RECEIVED;
- }
- }
- my ($subject, $from, $replyto );
- $subject = $_ for ( $evidence->header( "Subject" ) );
- $from = $_ for ( $evidence->header( "From" ) );
- $replyto = $_ for ( $evidence->header( "Reply-To" ) );
- my @ips = join( " ", $evidence->header( "Received" ) ) =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/g;
- print "Account: $auth\n\t";
- print "Subject: $subject\n\t";
- print join( "\n\t", @ips ) . "\n";
- $o{ $fn_comp } = { auth => $auth, ips => \@ips, subject => $subject, from => $from, replyto => $replyto, epoch => $epoch } or next REPORT;
- }
Add Comment
Please, Sign In to add comment