  1. #!/usr/bin/perl
  2. #
  3. # This script takes a series of ARF messages, and stores certain attributes
  4. # about these messages, so that other applications can easily look into
  5. # only the messages that they care about without having to go into lots
  6. # and lots of files.
  7. use strict;
  8. use Time::ParseDate; # libtime-modules-perl
  9. use lib( '/abuse/AUP/lib' );
  10. use Email::ARF::Report;
  11. use MLDBM;
  12. use Fcntl;
  13.  
  14. my %o;
  15. my $dbm = tie %o, 'MLDBM', '/abuse/AUP/bin/complaintdb', O_CREAT|O_RDWR, 0640 or die $!;
  16.  
  17. REPORT:for my $filename ( <> ){
  18. chomp( $filename );
  19.  
  20. my $fn_comp;
  21. if( $filename =~ /(\/data\/staff\/abuse\/fbl\/)(\S+)/ ){
  22. $fn_comp = $2;
  23. }
  24. if( defined $o{$fn_comp}){
  25. print "Skipping [$filename]\n";
  26. next REPORT;
  27. }
  28.  
  29. print "opening [$filename]\n";
  30. open FD, "<$filename";
  31. my $text = do { local $/ ; <FD>; };
  32. close FD;
  33.  
  34. my $report = Email::ARF::Report->new( $text ) or next REPORT;
  35. my $evidence = $report->original_email();
  36.  
  37. my $auth;
  38. $auth = NAMEOFFUNCTIONTHATEXTRACTSACCOUNTNAME $_ for ( $evidence->header( "X-Session-Marker" ) );
  39. $auth = lc $auth;
  40. if( $auth =~ /^$/){
  41. $o{ $fn_comp } = { };
  42. print "Skipping forward [$filename]\n";
  43. next REPORT;
  44. }
  45.  
  46. my $epoch;
  47.  
  48. RECEIVED:for my $received ( $evidence->header( "Received" ) ) {
  49. if( $received =~ /by omf\d+\.(?:(?:a|b)\.)?hostedemail\.com/ ){
  50. $epoch = parsedate( $1 ) if $received =~ /;(.+)/;
  51. last RECEIVED;
  52. }
  53. }
  54.  
  55. my ($subject, $from, $replyto );
  56. $subject = $_ for ( $evidence->header( "Subject" ) );
  57. $from = $_ for ( $evidence->header( "From" ) );
  58. $replyto = $_ for ( $evidence->header( "Reply-To" ) );
  59.  
  60. my @ips = join( " ", $evidence->header( "Received" ) ) =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/g;
  61.  
  62. print "Account: $auth\n\t";
  63. print "Subject: $subject\n\t";
  64. print join( "\n\t", @ips ) . "\n";
  65.  
  66. $o{ $fn_comp } = { auth => $auth, ips => \@ips, subject => $subject, from => $from, replyto => $replyto, epoch => $epoch } or next REPORT;
  67. }