Sven Hartge wrote:
> warn message = X-Received-ASN: AS${extract{1}{\n}{${lookup \
> dnsdb{txt=\
> ${extract{4}{.}{$sender_host_address}}.\
> ${extract{3}{.}{$sender_host_address}}.\
> ${extract{2}{.}{$sender_host_address}}.\
> ${extract{1}{.}{$sender_host_address}}.\
> asn.routeviews.org}}}}

Very nice. But I just *had* to muck with it :-)

received_header_text = Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
{${if def:sender_ident {from $sender_ident\n\t}}\
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
${if def:acl_c6 {sender type \{$acl_c6\}\n\t}}\
${if and { {match {$received_protocol}{[ea]?smtps?a?}}\
{!eq {$sender_host_address}{127.0.0.1}}\
{isip4 {$sender_host_address}}\
}\
{from_AS ${extract{1}{\n}{${lookup dnsdb{txt=\
${extract{4}{.}{$sender_host_address}}.\
${extract{3}{.}{$sender_host_address}}.\
${extract{2}{.}{$sender_host_address}}.\
${extract{1}{.}{$sender_host_address}}.\
asn.routeviews.org}}}}\n\t}}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol\n\t}}\
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim $version_number)\n\t\
id $message_id\
${if def:received_for {\n\tfor $received_for}}

(acl_c6 gets the results of a p0f lookup.
http://lcamtuf.coredump.cx/p0f.shtml)

Cheers,
Jeremy
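
For checking the header logic outside Exim, the sketch below mirrors the posted condition and the reversed-octet query name in Python. It is an added example, not code from either poster; `resolve_txt`, `FAKE_TXT` and the sample addresses and AS numbers are constructed assumptions standing in for the dnsdb lookup.

```python
import ipaddress
import re

ZONE = "asn.routeviews.org"              # zone used in the posted configuration
PROTO_RE = re.compile(r"[ea]?smtps?a?")  # same pattern as the posted match, unanchored

# Constructed sample answers (documentation addresses and AS numbers),
# keyed by query name; records are separated by newlines.
FAKE_TXT = {
    "1.2.0.192.asn.routeviews.org": "64500",
    "9.113.0.203.asn.routeviews.org": "64501\n64502",
}


def asn_query_name(host_address):
    """Reverse the four octets and append the zone, like the extract{4}..{1} chain."""
    return ".".join(reversed(host_address.split("."))) + "." + ZONE


def wants_lookup(received_protocol, host_address):
    """Mirror the three guards inside the posted 'and' condition."""
    if not received_protocol or not PROTO_RE.search(received_protocol):
        return False                          # not received over an SMTP variant
    if host_address == "127.0.0.1":
        return False                          # loopback is skipped
    try:
        ipaddress.IPv4Address(host_address)   # stands in for isip4
    except ValueError:
        return False                          # IPv6 or empty address
    return True


def from_as_fragment(received_protocol, host_address, resolve_txt):
    """Return the 'from_AS ...' header fragment, or '' when a guard fails.

    resolve_txt is a hypothetical callable (name -> TXT data or None).
    """
    if not wants_lookup(received_protocol, host_address):
        return ""
    answer = resolve_txt(asn_query_name(host_address)) or ""
    first = answer.split("\n")[0]             # extract{1}{\n}: first record only
    return "from_AS " + first + "\n\t"        # empty lookup leaves the field blank


if __name__ == "__main__":
    for proto, addr in [("esmtps", "192.0.2.1"), ("esmtp", "2001:db8::1")]:
        print(repr(from_as_fragment(proto, addr, FAKE_TXT.get)))
```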