← Index
NYTProf Performance Profile   « line view »
For /usr/local/bin/sa-learn
  Run on Sun Nov 5 02:36:06 2017
Reported on Sun Nov 5 02:56:19 2017

Filename/usr/local/lib/perl5/site_perl/Mail/SpamAssassin/Message/Metadata/Received.pm
StatementsExecuted 136205 statements in 2.07s
Subroutines
Calls P F Exclusive
Time		 Inclusive
Time		 Subroutine
1139111.11s1.72sMail::SpamAssassin::Message::Metadata::::parse_received_lineMail::SpamAssassin::Message::Metadata::parse_received_line
23411375ms3.55sMail::SpamAssassin::Message::Metadata::::parse_received_headersMail::SpamAssassin::Message::Metadata::parse_received_headers
10411149.1ms62.6msMail::SpamAssassin::Message::Metadata::::make_relay_as_stringMail::SpamAssassin::Message::Metadata::make_relay_as_string
1118.34ms201msMail::SpamAssassin::Message::Metadata::::BEGIN@49Mail::SpamAssassin::Message::Metadata::BEGIN@49
11143µs65µsMail::SpamAssassin::Message::Metadata::::BEGIN@40Mail::SpamAssassin::Message::Metadata::BEGIN@40
11136µs603µsMail::SpamAssassin::Message::Metadata::::BEGIN@51.2Mail::SpamAssassin::Message::Metadata::BEGIN@51.2
11129µs33µsMail::SpamAssassin::Message::Metadata::::BEGIN@46Mail::SpamAssassin::Message::Metadata::BEGIN@46
11127µs33µsMail::SpamAssassin::Message::Metadata::::BEGIN@44Mail::SpamAssassin::Message::Metadata::BEGIN@44
11121µs97µsMail::SpamAssassin::Message::Metadata::::BEGIN@47Mail::SpamAssassin::Message::Metadata::BEGIN@47
11120µs20µsMail::SpamAssassin::Message::Metadata::::BEGIN@50Mail::SpamAssassin::Message::Metadata::BEGIN@50
11119µs55µsMail::SpamAssassin::Message::Metadata::::BEGIN@45Mail::SpamAssassin::Message::Metadata::BEGIN@45
0000s0sMail::SpamAssassin::Message::Metadata::::found_pop_fetcher_sigMail::SpamAssassin::Message::Metadata::found_pop_fetcher_sig
Call graph for these subroutines as a Graphviz dot language file.
Line State
ments		 Time
on line		 Calls Time
in subs		 Code
1# <@LICENSE>
2# Licensed to the Apache Software Foundation (ASF) under one or more
3# contributor license agreements. See the NOTICE file distributed with
4# this work for additional information regarding copyright ownership.
5# The ASF licenses this file to you under the Apache License, Version 2.0
6# (the "License"); you may not use this file except in compliance with
7# the License. You may obtain a copy of the License at:
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16# </@LICENSE>
17
18# ---------------------------------------------------------------------------
19
20# So, what's the difference between a trusted and untrusted Received header?
21# Basically, relays we *know* are trustworthy are 'trusted', all others after
22# the last one of those are 'untrusted'.
23#
24# We determine trust by detecting if they are inside the network ranges
25# specified in 'trusted_networks'. There is also an inference algorithm
26# which determines other trusted relays without user configuration.
27#
28# There's another type of Received header: the semi-trusted one. This is the
29# header added by *our* MX, at the boundary of trust; we can trust the IP
30# address (and possibly rDNS) in this header, but that's about it; HELO name is
31# untrustworthy. We just use this internally for now.
32#
33# Finally, there's also 'internal_networks'. These are the networks that you
34# control; your MXes should be included. This way, if you specify a wide range
35# of trusted hosts, a mail that is relayed from a dynamic IP address via a
36# 'trusted' host will not hit RCVD_IN_DYNABLOCK.
37
38# ---------------------------------------------------------------------------
39
40295µs286µs
# spent 65µs (43+22) within Mail::SpamAssassin::Message::Metadata::BEGIN@40 which was called: # once (43µs+22µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 40
use strict; # make Test::Perl::Critic happy
# spent 65µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@40 # spent 22µs making 1 call to strict::import
41package Mail::SpamAssassin::Message::Metadata::Received; 1;
42
43package Mail::SpamAssassin::Message::Metadata;
44268µs240µs
# spent 33µs (27+6) within Mail::SpamAssassin::Message::Metadata::BEGIN@44 which was called: # once (27µs+6µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 44
use strict;
# spent 33µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@44 # spent 6µs making 1 call to strict::import
45258µs290µs
# spent 55µs (19+35) within Mail::SpamAssassin::Message::Metadata::BEGIN@45 which was called: # once (19µs+35µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 45
use warnings;
# spent 55µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@45 # spent 36µs making 1 call to warnings::import
46269µs238µs
# spent 33µs (29+5) within Mail::SpamAssassin::Message::Metadata::BEGIN@46 which was called: # once (29µs+5µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 46
use bytes;
# spent 33µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@46 # spent 5µs making 1 call to bytes::import
47264µs2174µs
# spent 97µs (21+77) within Mail::SpamAssassin::Message::Metadata::BEGIN@47 which was called: # once (21µs+77µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 47
use re 'taint';
# spent 97µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@47 # spent 77µs making 1 call to re::import
48
492323µs1201ms
# spent 201ms (8.34+192) within Mail::SpamAssassin::Message::Metadata::BEGIN@49 which was called: # once (8.34ms+192ms) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 49
use Mail::SpamAssassin::Dns;
# spent 201ms making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@49
50272µs120µs
# spent 20µs within Mail::SpamAssassin::Message::Metadata::BEGIN@50 which was called: # once (20µs+0s) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 50
use Mail::SpamAssassin::PerMsgStatus;
# spent 20µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@50
51213.2ms21.17ms
# spent 603µs (36+567) within Mail::SpamAssassin::Message::Metadata::BEGIN@51.2 which was called: # once (36µs+567µs) by Mail::SpamAssassin::Message::Metadata::BEGIN@59 at line 51
use Mail::SpamAssassin::Constants qw(:ip);
# spent 603µs making 1 call to Mail::SpamAssassin::Message::Metadata::BEGIN@51.2 # spent 567µs making 1 call to Exporter::import
52
53# ---------------------------------------------------------------------------
54
55
# spent 3.55s (375ms+3.18) within Mail::SpamAssassin::Message::Metadata::parse_received_headers which was called 234 times, avg 15.2ms/call: # 234 times (375ms+3.18s) by Mail::SpamAssassin::Message::Metadata::extract at line 85 of Mail/SpamAssassin/Message/Metadata.pm, avg 15.2ms/call
sub parse_received_headers {
56234590µs my ($self, $permsgstatus, $msg) = @_;
57
58234712µs my $suppl_attrib = $msg->{suppl_attrib}; # out-of-band info from a caller
59
60 # a caller may assert that a message is coming from inside or from an
61 # authenticated roaming users; this info may not be available in mail
62 # header section, e.g. in case of nonstandard authentication mechanisms
63234462µs my $originating; # boolean
64234499µs $originating = $suppl_attrib->{originating} if ref $suppl_attrib;
65
66234833µs $self->{relays_trusted} = [ ];
67234719µs $self->{num_relays_trusted} = 0;
68234974µs $self->{relays_trusted_str} = '';
69
70234760µs $self->{relays_untrusted} = [ ];
71234743µs $self->{num_relays_untrusted} = 0;
722341.04ms $self->{relays_untrusted_str} = '';
73
74234856µs $self->{relays_internal} = [ ];
75234659µs $self->{num_relays_internal} = 0;
76234846µs $self->{relays_internal_str} = '';
77
78234881µs $self->{relays_external} = [ ];
79234751µs $self->{num_relays_external} = 0;
80234801µs $self->{relays_external_str} = '';
81
82234780µs $self->{num_relays_unparseable} = 0;
83
842341.00ms $self->{last_trusted_relay_index} = -1; # last counting from the top,
85234683µs $self->{last_internal_relay_index} = -1; # first in time
86
87 # now figure out what relays are trusted...
882341.08ms my $trusted = $permsgstatus->{main}->{conf}->{trusted_networks};
892341.13ms my $internal = $permsgstatus->{main}->{conf}->{internal_networks};
90234897µs my $msa = $permsgstatus->{main}->{conf}->{msa_networks};
91234821µs my $did_user_specify_trust = $permsgstatus->{main}->{conf}->{trusted_networks_configured};
92234813µs my $did_user_specify_internal = $permsgstatus->{main}->{conf}->{internal_networks_configured};
93234490µs my $in_trusted = 1;
94234499µs my $in_internal = 1;
95234532µs my $found_msa = 0;
96
972341.43ms unless ($did_user_specify_trust && $did_user_specify_internal) {
982341.00ms if (!$did_user_specify_trust && !$did_user_specify_internal) {
992341.87ms2341.77ms dbg('config: trusted_networks are not configured; it is recommended '.
# spent 1.77ms making 234 calls to Mail::SpamAssassin::Logger::dbg, avg 8µs/call
100 'that you configure trusted_networks manually');
101 } elsif (!$did_user_specify_internal) {
102 # use 'trusted' for 'internal'; compatibility with SpamAssassin 2.60
103 $internal = $trusted;
104 dbg('config: internal_networks not configured, using trusted_networks '.
105 'configuration for internal_networks; if you really want '.
106 'internal_networks to only contain the required 127/8 add '.
107 "'internal_networks !0/0' to your configuration");
108 } else {
109 # use 'internal' for 'trusted'; I don't know why we let people define
110 # internal without trusted, but we do... and we rely on trusted being set
111 $trusted = $internal;
112 dbg('config: trusted_networks not configured, using internal_networks '.
113 'configuration for trusted_networks');
114 }
115 }
116
117234569µs my $IP_ADDRESS = IP_ADDRESS;
118234517µs my $IP_PRIVATE = IP_PRIVATE;
119234499µs my $LOCALHOST = LOCALHOST;
120
1212343.08ms23434.4ms my @hdrs = $msg->get_header('Received');
# spent 34.4ms making 234 calls to Mail::SpamAssassin::Message::Node::get_header, avg 147µs/call
122
123 # Now add the single line headers like X-Originating-IP. (bug 5680)
124 # we convert them into synthetic "Received" headers so we can share
125 # code below.
1264689.59ms for my $header (@{$permsgstatus->{main}->{conf}->{originating_ip_headers}})
127 {
12811707.72ms117097.3ms my $str = $msg->get_header($header);
# spent 97.3ms making 1170 calls to Mail::SpamAssassin::Message::Node::get_header, avg 83µs/call
12911703.58ms16808µs next unless ($str && $str =~ m/($IP_ADDRESS)/);
# spent 649µs making 8 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 81µs/call # spent 159µs making 8 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 20µs/call
130893µs push @hdrs, "from X-Originating-IP: $1\n";
131 }
132
1332341.59ms foreach my $line ( @hdrs ) {
134
135 # qmail-scanner support hack: we may have had one of these set from the
136 # previous (read: more recent) Received header. if so, add it on to this
137 # header's set, since that's the handover it was describing.
138
13911391.83ms my $qms_env_from;
14011392.40ms if ($self->{qmail_scanner_env_from}) {
141 $qms_env_from = $self->{qmail_scanner_env_from};
142 delete $self->{qmail_scanner_env_from};
143 }
144
145113913.2ms11394.05ms $line =~ s/\n[ \t]+/ /gs;
# spent 4.05ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 4µs/call
146
14711399.56ms11391.72s my $relay = $self->parse_received_line ($line);
# spent 1.72s making 1139 calls to Mail::SpamAssassin::Message::Metadata::parse_received_line, avg 1.51ms/call
14811392.32ms if (!defined $relay) {
14911135µs11121µs dbg("received-header: unparseable: $line");
# spent 121µs making 11 calls to Mail::SpamAssassin::Logger::dbg, avg 11µs/call
1501134µs $self->{num_relays_unparseable}++;
151 }
152
153 # undefined or 0 means there's no result, so goto the next header
15411392.76ms unless ($relay) {
15598185µs $self->{last_trusted_relay_index}++ if $in_trusted;
15698179µs $self->{last_internal_relay_index}++ if $in_internal;
15798269µs next;
158 }
159
160 # hack for qmail-scanner, as described above; add in the saved
161 # metadata
16210411.90ms if ($qms_env_from) {
163 $relay->{envfrom} = $qms_env_from;
164 $self->make_relay_as_string($relay);
165 }
166
167 # relay status only changes when we're still in the trusted portion of the
168 # relays and we haven't yet found an MSA
16910413.20ms if ($in_trusted && !$found_msa) {
1707022.67ms unless ($did_user_specify_trust || $did_user_specify_internal) {
171 # OK, infer the trusted/untrusted handover, we don't have real info
1727021.36ms my $inferred_as_trusted = 0;
173
174 # if the 'from' IP addr is in a reserved net range, it's not on
175 # the public internet.
1767022.58ms if ($relay->{ip_private}) {
1774695.51ms4694.18ms dbg("received-header: 'from' ".$relay->{ip}." has private IP");
# spent 4.18ms making 469 calls to Mail::SpamAssassin::Logger::dbg, avg 9µs/call
1784691.60ms $inferred_as_trusted = 1;
179 }
180
181 # if we find authentication tokens in the received header we can extend
182 # the trust boundary to that host
1837021.66ms if ($relay->{auth}) {
18419µs17µs dbg("received-header: authentication method ".$relay->{auth});
# spent 7µs making 1 call to Mail::SpamAssassin::Logger::dbg
18512µs $inferred_as_trusted = 1;
186 }
187
188 # if the user didn't specify any trusted/internal config, everything
189 # we assume as trusted is also internal, just like we'd do if they
190 # specified trusted but not any internal networks or vice versa
1917023.24ms if (!$inferred_as_trusted) {
1922331.57ms2331.45ms dbg("received-header: do not trust any hosts from here on");
# spent 1.45ms making 233 calls to Mail::SpamAssassin::Logger::dbg, avg 6µs/call
193233489µs $in_trusted = 0;
194233521µs $in_internal = 0;
195 }
196
197 } else {
198 # trusted_networks matches?
199 if (!$relay->{auth} && !$trusted->contains_ip($relay->{ip})) {
200 if (!$originating) {
201 $in_trusted = 0; # break the trust chain
202 } else { # caller asserts a msg was submitted from inside or auth'd
203 $found_msa = 1; # let's assume the previous hop was actually
204 # an MSA, and propagate trust from here on
205 dbg('received-header: originating, '.
206 '%s and remaining relays will be considered trusted%s',
207 $relay->{ip}, !$in_internal ? '' : ', but no longer internal');
208 }
209 $in_internal = 0; # if it's not trusted it's not internal
210 } else {
211 # internal_networks matches?
212 if ($in_internal && !$relay->{auth} && !$internal->contains_ip($relay->{ip})) {
213 $in_internal = 0;
214 }
215 # msa_networks matches?
216 if ($msa->contains_ip($relay->{ip})) {
217 dbg('received-header: found MSA relay, remaining relays will be'.
218 ' considered trusted: '.($in_trusted ? 'yes' : 'no').
219 ' internal: '.($in_internal ? 'yes' : 'no'));
220 $found_msa = 1;
221 $relay->{msa} = 1;
222 }
223 }
224 }
225 }
226
227 dbg("received-header: relay ".$relay->{ip}.
228 " trusted? ".($in_trusted ? "yes" : "no").
229 " internal? ".($in_internal ? "yes" : "no").
230104116.4ms10418.92ms " msa? ".($relay->{msa} ? "yes" : "no"));
# spent 8.92ms making 1041 calls to Mail::SpamAssassin::Logger::dbg, avg 9µs/call
231
23210414.75ms $relay->{internal} = $in_internal;
23310415.17ms $relay->{msa} ||= 0;
234
235 # be sure to mark up the as_string version for users too
236104155.1ms312315.7ms $relay->{as_string} =~ s/ intl=\d / intl=$relay->{internal} /;
# spent 8.63ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 8µs/call # spent 7.11ms making 2082 calls to Mail::SpamAssassin::Message::Metadata::CORE:substcont, avg 3µs/call
237104151.3ms312313.0ms $relay->{as_string} =~ s/ msa=\d / msa=$relay->{msa} /;
# spent 7.82ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 8µs/call # spent 5.23ms making 2082 calls to Mail::SpamAssassin::Message::Metadata::CORE:substcont, avg 3µs/call
238
23910414.54ms if ($in_trusted) {
2409383.50ms push (@{$self->{relays_trusted}}, $relay);
2414691.36ms $self->{allow_fetchmail_markers} = 1;
2424691.07ms $self->{last_trusted_relay_index}++;
243 } else {
24411444.14ms push (@{$self->{relays_untrusted}}, $relay);
2455721.34ms $self->{allow_fetchmail_markers} = 0;
246 }
247
24810419.39ms if ($in_internal) {
2499383.12ms push (@{$self->{relays_internal}}, $relay);
2504691.10ms $self->{last_internal_relay_index}++;
251 } else {
25211443.62ms push (@{$self->{relays_external}}, $relay);
253 }
254 }
255
2564691.51ms $self->{relays_trusted_str} = join(' ', map { $_->{as_string} }
2574685.70ms @{$self->{relays_trusted}});
2585721.68ms $self->{relays_untrusted_str} = join(' ', map { $_->{as_string} }
2594685.06ms @{$self->{relays_untrusted}});
2604691.25ms $self->{relays_internal_str} = join(' ', map { $_->{as_string} }
2614685.30ms @{$self->{relays_internal}});
2625721.47ms $self->{relays_external_str} = join(' ', map { $_->{as_string} }
2634684.55ms @{$self->{relays_external}});
264
265 # OK, we've now split the relay list into trusted and untrusted.
266
267 # add the stringified representation to the message object, so Bayes
268 # and rules can use it. Note that rule_tests.t does not impl put_metadata,
269 # so protect against that here. These will not appear in the final
270 # message; they're just used internally.
271
2722345.14ms2342.02ms if ($self->{msg}->can ("delete_header")) {
# spent 2.02ms making 234 calls to UNIVERSAL::can, avg 9µs/call
2732344.27ms234336ms $self->{msg}->delete_header ("X-Spam-Relays-Trusted");
# spent 336ms making 234 calls to Mail::SpamAssassin::Message::Node::delete_header, avg 1.43ms/call
2742343.65ms234281ms $self->{msg}->delete_header ("X-Spam-Relays-Untrusted");
# spent 281ms making 234 calls to Mail::SpamAssassin::Message::Node::delete_header, avg 1.20ms/call
2752343.97ms234305ms $self->{msg}->delete_header ("X-Spam-Relays-Internal");
# spent 305ms making 234 calls to Mail::SpamAssassin::Message::Node::delete_header, avg 1.30ms/call
2762343.25ms234328ms $self->{msg}->delete_header ("X-Spam-Relays-External");
# spent 328ms making 234 calls to Mail::SpamAssassin::Message::Node::delete_header, avg 1.40ms/call
277
2782343.65ms2341.07ms if ($self->{msg}->can ("put_metadata")) {
# spent 1.07ms making 234 calls to UNIVERSAL::can, avg 5µs/call
279 $self->{msg}->put_metadata ("X-Spam-Relays-Trusted",
2802342.13ms2344.34ms $self->{relays_trusted_str});
# spent 4.34ms making 234 calls to Mail::SpamAssassin::Message::put_metadata, avg 19µs/call
281 $self->{msg}->put_metadata ("X-Spam-Relays-Untrusted",
2822341.79ms2344.18ms $self->{relays_untrusted_str});
# spent 4.18ms making 234 calls to Mail::SpamAssassin::Message::put_metadata, avg 18µs/call
283 $self->{msg}->put_metadata ("X-Spam-Relays-Internal",
2842341.77ms2344.76ms $self->{relays_internal_str});
# spent 4.76ms making 234 calls to Mail::SpamAssassin::Message::put_metadata, avg 20µs/call
285 $self->{msg}->put_metadata ("X-Spam-Relays-External",
2862341.77ms2344.12ms $self->{relays_external_str});
# spent 4.12ms making 234 calls to Mail::SpamAssassin::Message::put_metadata, avg 18µs/call
287 }
288 }
289
290 # be helpful; save some cumbersome typing
2914681.58ms $self->{num_relays_trusted} = scalar (@{$self->{relays_trusted}});
2924681.58ms $self->{num_relays_untrusted} = scalar (@{$self->{relays_untrusted}});
2934681.54ms $self->{num_relays_internal} = scalar (@{$self->{relays_internal}});
2944681.47ms $self->{num_relays_external} = scalar (@{$self->{relays_external}});
295
2962342.58ms2341.95ms dbg("metadata: X-Spam-Relays-Trusted: ".$self->{relays_trusted_str});
# spent 1.95ms making 234 calls to Mail::SpamAssassin::Logger::dbg, avg 8µs/call
2972342.48ms2341.70ms dbg("metadata: X-Spam-Relays-Untrusted: ".$self->{relays_untrusted_str});
# spent 1.70ms making 234 calls to Mail::SpamAssassin::Logger::dbg, avg 7µs/call
2982342.09ms2341.57ms dbg("metadata: X-Spam-Relays-Internal: ".$self->{relays_internal_str});
# spent 1.57ms making 234 calls to Mail::SpamAssassin::Logger::dbg, avg 7µs/call
2992345.17ms2341.60ms dbg("metadata: X-Spam-Relays-External: ".$self->{relays_external_str});
# spent 1.60ms making 234 calls to Mail::SpamAssassin::Logger::dbg, avg 7µs/call
300}
301
302# ---------------------------------------------------------------------------
303
304# returns undef if the header just couldn't be parsed
305# returns 0 if the header was specifically skipped
306# returns a hash of information if the header is parsed, including:
307# ip => $ip,
308# by => $by,
309# helo => $helo,
310# id => $id,
311# ident => $ident,
312# envfrom => $envfrom,
313# lc_by => (lc $by),
314# lc_helo => (lc $helo),
315# auth => $auth
316#
317
# spent 1.72s (1.11+606ms) within Mail::SpamAssassin::Message::Metadata::parse_received_line which was called 1139 times, avg 1.51ms/call: # 1139 times (1.11s+606ms) by Mail::SpamAssassin::Message::Metadata::parse_received_headers at line 147, avg 1.51ms/call
sub parse_received_line {
31811392.69ms my ($self) = shift;
31911395.89ms local ($_) = shift;
32011399.02ms local ($1,$2,$3,$4,$5,$6);
321
322113949.5ms113940.2ms s/\s+/ /g;
# spent 40.2ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 35µs/call
323113911.1ms11392.77ms s/^ //;
# spent 2.77ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
324113917.1ms11399.23ms s/ $//;
# spent 9.23ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 8µs/call
325
326 # get rid of invalid semicolon at the end of the header
327113913.2ms11392.66ms 1 while s/\s?;$//;
# spent 2.66ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
328
32911392.37ms my $ip = '';
33011392.13ms my $helo = '';
33111392.11ms my $rdns = '';
33211392.11ms my $by = '';
33311392.13ms my $id = '';
33411392.06ms my $ident = '';
33511392.23ms my $envfrom = '';
33611392.11ms my $mta_looked_up_dns = 0;
33711392.07ms my $IP_ADDRESS = IP_ADDRESS;
33811392.03ms my $IP_PRIVATE = IP_PRIVATE;
33911391.99ms my $LOCALHOST = LOCALHOST;
34011392.40ms my $auth = '';
341
342# ---------------------------------------------------------------------------
343
344 # We care about lines starting with from. all of the others are ignorable:
345 # Bug 4943: give /^(from/ a chance to be parsed
346 #
347 # (qmail 27981 invoked by uid 225); 14 Mar 2003 07:24:34 -0000
348 # (qmail 84907 invoked from network); 13 Feb 2003 20:59:28 -0000
349 # (ofmipd 208.31.42.38); 17 Mar 2003 04:09:01 -0000
350 # by faerber.muc.de (OpenXP/32 v3.9.4 (Win32) alpha @ 2003-03-07-1751d); 07 Mar 2003 22:10:29 +0000
351 # by x.x.org (bulk_mailer v1.13); Wed, 26 Mar 2003 20:44:41 -0600
352 # by SPIDERMAN with Internet Mail Service (5.5.2653.19) id <19AF8VY2>; Tue, 25 Mar 2003 11:58:27 -0500
353 # by oak.ein.cz (Postfix, from userid 1002) id DABBD1BED3; Thu, 13 Feb 2003 14:02:21 +0100 (CET)
354 # OTM-MIX(otm-mix00) id k5N1aDtp040896; Fri, 23 Jun 2006 10:36:14 +0900 (JST)
355 # at Infodrom Oldenburg (/\##/\ Smail-3.2.0.102 1998-Aug-2 #2) from infodrom.org by finlandia.Infodrom.North.DE via smail from stdin id <m1FglM8-000okjC@finlandia.Infodrom.North.DE> for debian-security-announce@lists.debian.org; Thu, 18 May 2006 18:28:08 +0200 (CEST)
356 # with ECARTIS (v1.0.0; list bind-announce); Fri, 18 Aug 2006 07:19:58 +0000 (UTC)
357 # Received: Message by Barricade wilhelm.eyp.ee with ESMTP id h1I7hGU06122 for <spamassassin-talk@lists.sourceforge.net>; Tue, 18 Feb 2003 09:43:16 +0200
358113927.3ms113910.8ms return 0 if (!/^\(?from /i);
# spent 10.8ms making 1139 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 10µs/call
359
360 # from www-data by wwwmail.documenta.de (Exim 4.50) with local for <example@vandinter.org> id 1GFbZc-0006QV-L8; Tue, 22 Aug 2006 21:06:04 +0200
361 # from server.yourhostingaccount.com with local for example@vandinter.org id 1GDtdl-0002GU-QE (8710); Thu, 17 Aug 2006 21:59:17 -0400
362106319.2ms10633.24ms return 0 if /\bwith local for\b/;
# spent 3.24ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
363
364 # Received: from virtual-access.org by bolero.conactive.com ; Thu, 20 Feb 2003 23:32:58 +0100
365 # Received: FROM ca-ex-bridge1.nai.com BY scwsout1.nai.com ; Fri Feb 07 10:18:12 2003 -0800
366 # but not: Received: from [86.122.158.69] by mta2.iomartmail.com; Thu, 2 Aug 2007 21:50:04 -0200
367106315.7ms10638.60ms if (/^from (\S+) by [^\s;]+ ?;/i && $1 !~ /^\[[\d.]+\]$/) { return 0; }
# spent 8.60ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 8µs/call
368
369# ---------------------------------------------------------------------------
370
371 # Let's get rid of the date at the end
372 # ; Tue, 23 May 2006 13:06:35 -0400
373106339.6ms106331.3ms s/[\s;]+(?:(?:Mon|T(?:ue|hu)|Wed|Fri|S(?:at|un)), )?\d+ (?:J(?:an|u[nl])|Feb|Ma[ry]|A(?:pr|ug)|Sep|Oct|Nov|Dec) \d+ \d+:\d+(?::\d+)? \S+$//;
# spent 31.3ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 29µs/call
374
375 # from av0001.technodiva.com (localhost [127.0.0.1])by localhost.technodiva.com (Postfix) with ESMTP id 846CF2117for <proftp-user@lists.sourceforge.net>; Mon, 7 Aug 2006 17:48:07 +0200 (MEST)
376106311.7ms10633.55ms s/\)by /) by /;
# spent 3.55ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
377
378# ---------------------------------------------------------------------------
379
380 # OK -- given knowledge of most Received header formats,
381 # break them down. We have to do something like this, because
382 # some MTAs will swap position of rdns and helo -- so we can't
383 # simply use simplistic regexps.
384
385 # try to catch unique message identifier
386106326.6ms10637.64ms if (/ id <?([^\s<>;]{3,})/) {
# spent 7.64ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 7µs/call
38710063.67ms $id = $1;
388 }
389
390106338.6ms211715.4ms if (/\bhelo=([-A-Za-z0-9\.\^+_&:=?!@%*\$\\\/]+)(?:[^-A-Za-z0-9\.\^+_&:=?!@%*\$\\\/]|$)/) {
# spent 15.4ms making 2117 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 7µs/call
391931µs $helo = $1;
392 }
393 elsif (/\b(?:HELO|EHLO) ([-A-Za-z0-9\.\^+_&:=?!@%*\$\\\/]+)(?:[^-A-Za-z0-9\.\^+_&:=?!@%*\$\\\/]|$)/) {
394414µs $helo = $1;
395 }
396211628.6ms10637.17ms if (/ by (\S+)(?:[^-A-Za-z0-9\;\.]|$)/) { $by = $1; }
# spent 7.17ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 7µs/call
397
398# ---------------------------------------------------------------------------
399
400 # try to catch authenticated message identifier
401 #
402 # with ESMTPA, ESMTPSA, LMTPA, LMTPSA should cover RFC 3848 compliant MTAs,
403 # UTF8SMTPA and UTF8LMTPA are covered by RFC 4954 and RFC 6531,
404 # with ASMTP (Authenticated SMTP) is used by Earthlink, Exim 4.34, and others
405 # with HTTP should only be authenticated webmail sessions
406 # with HTTPU is used by Communigate Pro with Pronto! webmail interface
407 # IANA registry: http://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml
4081063184ms1357162.3ms if (/ by / && / with ((?:ES|L|UTF8S|UTF8L)MTPS?A|ASMTP|HTTPU?)(?: |;|$)/i) {
# spent 49.7ms making 12528 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call # spent 12.6ms making 1043 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 12µs/call
4091965µs $auth = $1;
410 }
411 # GMail should use ESMTPSA to indicate that it is in fact authenticated,
412 # but doesn't.
413 elsif (/ by mx\.google\.com with ESMTPS id [a-z0-9]{1,4}sm[0-9]{2,9}[a-z]{3}\.[0-9]{1,3}\.[0-9]{4}\.(?:[0-6][0-9]\.){4}[0-6][0-9]/ && /\(version=([^ ]+) cipher=([^\)]+)\)/ ) {
414 $auth = 'GMail - transport=' . $1 . ' cipher=' . $2;
415 }
416 # Courier v0.47 and possibly others
417 elsif (/^from .*?(?:\]\)|\)\]) \(AUTH: (LOGIN|PLAIN|DIGEST-MD5|CRAM-MD5) \S+(?:, .*?)?\) by /) {
418 $auth = $1;
419 }
420 # Sendmail, MDaemon, some webmail servers, and others
421 elsif (/authenticated/ && /^from .*?(?:\](?: \([^)]*\))?\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
42212µs $auth = 'Sendmail';
423 }
424 # workaround for GMX, which authenticates users but does not indicate it properly - # SMTP version
425 elsif (/from \S* \((?:HELO|EHLO) (\S*)\) \[(${IP_ADDRESS})\] by (mail\.gmx\.(?:net|com)) \([^\)]+\) with ((?:ESMTP|SMTP))/) {
426 $auth = "GMX ($4 / $3)";
427 }
428 # Critical Path Messaging Server
429 elsif (/ \(authenticated as /&&/\) by .+ \(\d{1,2}\.\d\.\d{3}(?:\.\d{1,3})?\) \(authenticated as .+\) id /) {
430413µs $auth = 'CriticalPath';
431 }
432 # Postfix 2.3 and later with "smtpd_sasl_authenticated_header yes"
433 elsif (/\) \(Authenticated sender: \S+\) by \S+ \(Postfix\) with /) {
434 $auth = 'Postfix';
435 }
436 # Communigate Pro - Bug 6495 adds HTTP as possible transmission method
437 elsif (/CommuniGate Pro (HTTP|SMTP)/ && / \(account /) {
438 $auth = 'Communigate';
439 }
440 # Microsoft Exchange (complete with syntax error)
441 elsif (/ with Microsoft Exchange Server HTTP-DAV\b/) {
442 $auth = 'HTTP-DAV';
443 }
444 # froufrou mailers like United Internet use a '(via HTTP)' comment, Bug 7101
445 elsif (/ by / && / \(via (HTTP.?)\)(?: |;|$)/i) {
446 $auth = $1;
447 }
448
449# ---------------------------------------------------------------------------
450
451106317.8ms106310.3ms if (s/^from //) {
# spent 10.3ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 10µs/call
452 # try to catch enveloper senders
453106326.3ms106318.0ms if (/(?:return-path:? |envelope-(?:sender|from)[ =])(\S+)\b/i) {
# spent 18.0ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 17µs/call
45434123µs $envfrom = $1;
455 }
456
457 # from 142.169.110.122 (SquirrelMail authenticated user synapse) by
458 # mail.nomis80.org with HTTP; Sat, 3 Apr 2004 10:33:43 -0500 (EST)
459 # Expanded to NaSMail Bug 6783
460106318.7ms10632.97ms if (/ \((?:SquirrelMail|NaSMail) authenticated user /) {
# spent 2.97ms making 1063 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
461 #REVERTING bug 3236 and implementing re: bug 6549
462 if (/(${IP_ADDRESS})\b(?![.-]).{10,80}by (\S+) with HTTP/) {
463 $ip = $1; $by = $2; goto enough;
464 }
465 }
466
467 # AOL WebMail headers
468106311.5ms10673.23ms if (/aol\.com/ && /with HTTP \(WebMailUI\)/) {
# spent 3.23ms making 1067 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
469 # Received: from 82.135.198.129 by FWM-M18.sysops.aol.com (64.12.168.82) with HTTP (WebMailUI); Tue, 19 Jun 2007 11:16:54 -0400
470 if(/(${IP_ADDRESS}) by (\S+) \(${IP_ADDRESS}\) with HTTP \(WebMailUI\)/) {
471 $ip = $1; $by = $2; goto enough;
472 }
473 }
474
475 # catch MS-ish headers here
476106385.9ms607019.7ms if (/ SMTPSVC/) {
# spent 19.7ms making 6070 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
477 # MS servers using this fmt do not lookup the rDNS.
478 # Received: from inet-vrs-05.redmond.corp.microsoft.com ([157.54.6.157])
479 # by INET-IMC-05.redmond.corp.microsoft.com with Microsoft
480 # SMTPSVC(5.0.2195.6624); Thu, 6 Mar 2003 12:02:35 -0800
481 # Received: from 0 ([61.31.135.91]) by bass.bass.com.eg with Microsoft
482 # SMTPSVC(5.0.2195.6713); Tue, 21 Sep 2004 08:59:06 +0300
483 # Received: from 0 ([61.31.138.57] RDNS failed) by nccdi.com with
484 # Microsoft SMTPSVC(6.0.3790.0); Thu, 23 Sep 2004 08:51:06 -0700
485 # Received: from tthompson ([217.35.105.172] unverified) by
486 # mail.neosinteractive.com with Microsoft SMTPSVC(5.0.2195.5329);
487 # Tue, 11 Mar 2003 13:23:01 +0000
488 # Received: from ([172.16.1.78]) by email2.codeworksonline.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 6 Sep 2006 21:14:29 -0400
489291.81ms581.44ms if (/^(\S*) \(\[(${IP_ADDRESS})\][^\)]{0,40}\) by (\S+) with Microsoft SMTPSVC/) {
# spent 818µs making 29 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 28µs/call # spent 620µs making 29 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 21µs/call
490 $helo = $1; $ip = $2; $by = $3; goto enough;
491 }
492
493 # Received: from mail pickup service by mail1.insuranceiq.com with
494 # Microsoft SMTPSVC; Thu, 13 Feb 2003 19:05:39 -0500
49529278µs2983µs if (/^mail pickup service by (\S+) with Microsoft SMTPSVC$/) {
# spent 83µs making 29 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
496 return 0;
497 }
498 }
499
500 elsif (/\[XMail /) { # bug 3791, bug 4053
501 # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net with [XMail 1.20 ESMTP Server] id <S72E> for <jason@ellingson.org.spamassassin.org> from <bounce-cscommunity-11965901@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
502 # Received: from list.brainbuzz.com (63.146.189.86:23198) by mx1.yourtech.net (209.32.147.34:25) with [XMail 1.20 ESMTP Server] id <S72E> for <jason@ellingson.org.spamassassin.org> from <bounce-cscommunity-11965901@list.cramsession.com.spamassassin.org>; Sat, 18 Sep 2004 23:17:54 -0500
503 if (/^(\S+) \((\[?${IP_ADDRESS}\]?)(?::\d+)\) by (\S+)(?: \(\S+\))? with \[XMail/)
504 {
505 $helo = $1; $ip = $2; $by = $3;
506 / id <(\S+)>/ and $id = $1;
507 / from <(\S+)>/ and $envfrom = $1;
508 goto enough;
509 }
510 }
511
512 # from ([10.225.209.19:33672]) by ecelerity-va-1 (ecelerity HEAD) with SMTP id EE/20-30863-33CE1054; Fri, 08 Sep 2006 18:18:27 -0400
513 # from ([127.0.0.1:32923]) by bm1-21.ed10.com (ecelerity 2.1.1ea r(11031M)) with ECSTREAM id 8B/57-16227-3764EB44 for <example@vandinter.org>; Wed, 19 Jul 2006 10:49:23 -0400
514 # from ([192.168.1.151:49601] helo=dev1.democracyinaction.org) by m12.prod.democracyinaction.com (ecelerity 2.1.1.3 r(11743)) with ESMTP id 52/92-02454-89FBA054 for <example@vandinter.org>; Fri, 15 Sep 2006 10:58:32 -0400
515 elsif (/\(ecelerity\b/) {
51617893µs34686µs if (/^\(\[(${IP_ADDRESS}):\d+\] helo=(\S+)\) by (\S+) /) {
# spent 619µs making 17 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 36µs/call # spent 67µs making 17 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
517 $ip = $1; $helo = $2; $by = $3;
518 goto enough;
519 }
520
52117983µs34758µs if (/^\S+ \(\[(${IP_ADDRESS}):\d+\]\) by (\S+) /) {
# spent 596µs making 17 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 35µs/call # spent 162µs making 17 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 10µs/call
5222677µs $ip = $1; $by = $2;
523131.50ms goto enough;
524 }
525 }
526
527 elsif (/Exim/) {
528 # one of the HUGE number of Exim formats :(
529 # This must be scriptable. (update: it is. cf bug 3950, 3582)
530 # mss 2004-09-27: See <http://www.exim.org/exim-html-4.40/doc/html/spec_14.html#IX1315>
531
532 # from root (helo=candygram.thunk.org) by thunker.thunk.org with local-esmtps (tls_cipher TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50 #1 (Debian)) id 1FwHqR-0008Bw-OG; Fri, 30 Jun 2006 08:11:35 -0400
533 # from root (helo=localhost) by broadcast.iac.iafrica.com with local-bsmtp (Exim 4.30; FreeBSD) id 1GN22d-0000xp-2K for example@vandinter.org; Tue, 12 Sep 2006 08:46:43 +0200
534 # from smarter (helo=localhost) by mx1-out.lists.smarterliving.com with local-bsmtp (Exim 4.24) id 1GIRA2-0007IZ-4n for example@vandinter.org; Wed, 30 Aug 2006 10:35:22 -0400
535 # Received: from andrew by trinity.supernews.net with local (Exim 4.12) id 18xeL6-000Dn1-00; Tue, 25 Mar 2003 02:39:00 +0000
5365101µs318µs if (/\bwith local(?:-\S+)? /) { return 0; }
# spent 18µs making 3 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
537
538 # Received: from [61.174.163.26] (helo=host) by sc8-sf-list1.sourceforge.net with smtp (Exim 3.31-VA-mm2 #1 (Debian)) id 18t2z0-0001NX-00 for <razor-users@lists.sourceforge.net>; Wed, 12 Mar 2003 01:57:10 -0800
539 # Received: from [218.19.142.229] (helo=hotmail.com ident=yiuhyotp) by yzordderrex with smtp (Exim 3.35 #1 (Debian)) id 194BE5-0005Zh-00; Sat, 12 Apr 2003 03:58:53 +0100
5401515µs2494µs if (/^\[(${IP_ADDRESS})\] \((.*?)\) by (\S+) /) {
# spent 485µs making 1 call to Mail::SpamAssassin::Message::Metadata::CORE:regcomp # spent 9µs making 1 call to Mail::SpamAssassin::Message::Metadata::CORE:match
54139µs $ip = $1; my $sub = $2; $by = $3;
542117µs17µs $sub =~ s/helo=(\S+)// and $helo = $1;
# spent 7µs making 1 call to Mail::SpamAssassin::Message::Metadata::CORE:subst
543112µs13µs $sub =~ s/ident=(\S*)// and $ident = $1;
# spent 3µs making 1 call to Mail::SpamAssassin::Message::Metadata::CORE:subst
5441139µs goto enough;
545 }
546
547 # Received: from sc8-sf-list1-b.sourceforge.net ([10.3.1.13] helo=sc8-sf-list1.sourceforge.net) by sc8-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) id 18t301-0007Bh-00; Wed, 12 Mar 2003 01:58:13 -0800
548 # Received: from dsl092-072-213.bos1.dsl.speakeasy.net ([66.92.72.213] helo=blazing.arsecandle.org) by sc8-sf-list1.sourceforge.net with esmtp (Cipher TLSv1:DES-CBC3-SHA:168) (Exim 3.31-VA-mm2 #1 (Debian)) id 18lyuU-0007TI-00 for <SpamAssassin-talk@lists.sourceforge.net>; Thu, 20 Feb 2003 14:11:18 -0800
549 # Received: from eclectic.kluge.net ([66.92.69.221] ident=[W9VcNxE2vKxgWHD05PJbLzIHSxcmZQ/O]) by sc8-sf-list1.sourceforge.net with esmtp (Cipher TLSv1:DES-CBC3-SHA:168) (Exim 3.31-VA-mm2 #1 (Debian)) id 18m0hT-00031I-00 for <spamassassin-talk@lists.sourceforge.net>; Thu, 20 Feb 2003 16:06:00 -0800
550 # Received: from mail.ssccbelen.edu.pe ([216.244.149.154]) by yzordderrex
551 # with esmtp (Exim 3.35 #1 (Debian)) id 18tqiz-000702-00 for
552 # <jm@example.com>; Fri, 14 Mar 2003 15:03:57 +0000
553 # Received: from server040.webpack.hosteurope.de ([80.237.130.48]:52313)
554 # by vps832469583.serverpool.info with esmtps
555 # (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.50) id 1GzVLs-0002Oz-7b...
556 if (/^(\S+) \(\[(${IP_ADDRESS})\](.*?)\) by (\S+) /) {
557 $rdns=$1; $ip = $2; my $sub = $3; $by = $4;
558 $helo=$rdns; # default, apparently: bug 5112
559 $sub =~ s/helo=(\S+)// and $helo = $1;
560 $sub =~ s/ident=(\S*)// and $ident = $1;
561 goto enough;
562 }
563
564 # Received: from boggle.ihug.co.nz [203.109.252.209] by grunt6.ihug.co.nz
565 # with esmtp (Exim 3.35 #1 (Debian)) id 18SWRe-0006X6-00; Sun, 29 Dec
566 # 2002 18:57:06 +1300
567 if (/^(\S+) \[(${IP_ADDRESS})\](:\d+)? by (\S+) /) {
568 $rdns= $1; $ip = $2; $helo = $1; $by = $4; goto enough;
569 }
570
571 # attempt to deal with other odd Exim formats; just match little bits
572 # of the header.
573 # Received: from helene8.i.pinwand.net (helene.cats.ms) [10.0.8.6.13219]
574 # (mail) by lisbeth.i.pinwand.net with esmtp (Exim 3.35 #1 (Debian)) id
575 # 1CO5y7-0001vC-00; Sun, 31 Oct 2004 04:01:23 +0100
576 if (/^(\S+) /) {
577 $rdns= $1; # assume this is the rDNS, not HELO. is this appropriate?
578 }
579 if (/ \((\S+)\) /) {
580 $helo = $1;
581 }
582 if (/ \[(${IP_ADDRESS})(?:\.\d+)?\] /) {
583 $ip = $1;
584 }
585 if (/by (\S+) /) {
586 $by = $1;
587 # now, if we have a "by" and an IP, that's enough for most uses;
588 # we have to make do with that.
589 if ($ip) { goto enough; }
590 }
591
592 # else it's probably forged. fall through
593 }
594
595 elsif (/ \(Postfix\) with/) {
596 # Received: from localhost (unknown [127.0.0.1])
597 # by cabbage.jmason.org (Postfix) with ESMTP id A96E18BD97
598 # for <jm@localhost>; Thu, 13 Mar 2003 15:23:15 -0500 (EST)
59956036.7ms112012.2ms if ( /^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) by (\S+) / ) {
# spent 6.37ms making 560 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 11µs/call # spent 5.80ms making 560 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call
600415798µs $mta_looked_up_dns = 1;
60116606.06ms $helo = $1; $rdns = $2; $ip = $3; $by = $4;
6024651.42ms if ($rdns eq 'unknown') { $rdns = ''; }
603415105ms goto enough;
604 }
605
606 # Received: from 207.8.214.3 (unknown[211.94.164.65])
607 # by puzzle.pobox.com (Postfix) with SMTP id 9029AFB732;
608 # Sat, 8 Nov 2003 17:57:46 -0500 (EST)
609 # (Pobox.com version: reported in bug 2745)
61014512.9ms2902.56ms if ( /^(\S+) \((\S+)\[(${IP_ADDRESS})\]\) by (\S+) / ) {
# spent 1.99ms making 145 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 14µs/call # spent 567µs making 145 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
611 $mta_looked_up_dns = 1;
612 $helo = $1; $rdns = $2; $ip = $3; $by = $4;
613 if ($rdns eq 'unknown') { $rdns = ''; }
614 goto enough;
615 }
616 }
617
618 elsif (/\(Scalix SMTP Relay/) {
619 # from DPLAPTOP ( 72.242.176.162) by mail.puryear-it.com (Scalix SMTP Relay 10.0.1.3) via ESMTP; Fri, 23 Jun 2006 16:39:47 -0500 (CDT)
620 if (/^(\S+) \( ?(${IP_ADDRESS})\) by (\S+)/) {
621 $helo = $1; $ip = $2; $by = $3; goto enough;
622 }
623 }
624
625 elsif (/ \(Lotus Domino /) {
626 # it seems Domino never records the rDNS: bug 5926
627 if (/^(\S+) \(\[(${IP_ADDRESS})\]\) by (\S+) \(Lotus/) {
628 $mta_looked_up_dns = 0;
629 $helo = $1; $ip = $2; $by = $3; goto enough;
630 }
631 }
632
633 # Received: from 217.137.58.28 ([217.137.58.28])
634 # by webmail.ukonline.net (IMP) with HTTP
635 # for <anarchyintheuk@localhost>; Sun, 11 Apr 2004 00:31:07 +0100
6366327.74ms6362.93ms if (/\bwith HTTP\b/ && # more efficient split up this way
# spent 2.00ms making 634 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call # spent 934µs making 2 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 467µs/call
637 /^(${IP_ADDRESS}) \(\[${IP_ADDRESS}\]\) by (\S+)/)
638 {
639 # some smarty-pants decided to fake a numeric HELO for HTTP
640 # no rDNS for this format?
641 $ip = $1; $by = $2; goto enough;
642 }
643
644 # MiB: 2003/11/29 Some qmail-ldap headers may be misinterpreted as sendmail-headers
645 # resulting in a messed-up interpretation. We have to skip sendmail tests
646 # if we find evidence that this is a qmail-ldap header.
647 #
6486327.14ms6321.75ms unless (/ by \S+ \(qmail-\S+\) with /) {
# spent 1.75ms making 632 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
649 #
650 # sendmail:
651 # Received: from mail1.insuranceiq.com (host66.insuranceiq.com [65.217.159.66] (may be forged)) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id h2F0c2x31856 for <jm@jmason.org>; Sat, 15 Mar 2003 00:38:03 GMT
652 # Received: from BAY0-HMR08.adinternal.hotmail.com (bay0-hmr08.bay0.hotmail.com [65.54.241.207]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id h2DBpvs24047 for <webmaster@efi.ie>; Thu, 13 Mar 2003 11:51:57 GMT
653 # Received: from ran-out.mx.develooper.com (IDENT:qmailr@one.develooper.com [64.81.84.115]) by dogma.slashnull.org (8.11.6/8.11.6) with SMTP id h381Vvf19860 for <jm-cpan@jmason.org>; Tue, 8 Apr 2003 02:31:57 +0100
654 # from rev.net (natpool62.rev.net [63.148.93.62] (may be forged)) (authenticated) by mail.rev.net (8.11.4/8.11.4) with ESMTP id h0KKa7d32306 for <spamassassin-talk@lists.sourceforge.net>
655 #
65663220.7ms126412.0ms if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\].*\) by (\S+) \(/) {
# spent 6.41ms making 632 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 10µs/call # spent 5.62ms making 632 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 9µs/call
657151261µs $mta_looked_up_dns = 1;
6586041.79ms $helo = $1; $rdns = $2; $ip = $3; $by = $4;
6591511.44ms151442µs $rdns =~ s/^IDENT:([^\@]*)\@// and $ident = $1; # remove IDENT lookups
# spent 442µs making 151 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
6601511.38ms151438µs $rdns =~ s/^([^\@]*)\@// and $ident = $1; # remove IDENT lookups
# spent 438µs making 151 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
66115118.2ms goto enough;
662 }
663 }
664
665# ---------------------------------------------------------------------------
666
667 ## OK, AT THIS POINT FORMATS GET A BIT NON-STANDARD
668
669 # Received: from ns.elcanto.co.kr (66.161.246.58 [66.161.246.58]) by
670 # mail.ssccbelen.edu.pe with SMTP (Microsoft Exchange Internet Mail Service
671 # Version 5.5.1960.3) id G69TW478; Thu, 13 Mar 2003 14:01:10 -0500
67248120.4ms9626.85ms if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) by (\S+) with \S+ \(/) {
# spent 4.16ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 9µs/call # spent 2.69ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
673 $mta_looked_up_dns = 1;
674 $rdns = $2; $ip = $3; $helo = $1; $by = $4; goto enough;
675 }
676
677 # from mail2.detr.gsi.gov.uk ([51.64.35.18] helo=ahvfw.dtlr.gsi.gov.uk) by mail4.gsi.gov.uk with smtp id 190K1R-0000me-00 for spamassassin-talk-admin@lists.sourceforge.net; Tue, 01 Apr 2003 12:33:46 +0100
67848112.8ms9627.18ms if (/^(\S+) \(\[(${IP_ADDRESS})\] helo=(\S+)\) by (\S+) with /) {
# spent 5.03ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 2.15ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
679 $rdns = $1; $ip = $2; $helo = $3; $by = $4;
680 goto enough;
681 }
682
683 # from 12-211-5-69.client.attbi.com (<unknown.domain>[12.211.5.69]) by rwcrmhc53.attbi.com (rwcrmhc53) with SMTP id <2002112823351305300akl1ue>; Thu, 28 Nov 2002 23:35:13 +0000
68448112.5ms9626.82ms if (/^(\S+) \(<unknown\S*>\[(${IP_ADDRESS})\]\) by (\S+) /) {
# spent 4.90ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 1.92ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
685 $helo = $1; $ip = $2; $by = $3;
686 goto enough;
687 }
688
689 # from attbi.com (h000502e08144.ne.client2.attbi.com[24.128.27.103]) by rwcrmhc53.attbi.com (rwcrmhc53) with SMTP id <20030222193438053008f7tee>; Sat, 22 Feb 2003 19:34:39 +0000
69048113.7ms9627.99ms if (/^(\S+) \((\S+\.\S+)\[(${IP_ADDRESS})\]\) by (\S+) /) {
# spent 4.89ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 3.09ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
691 $mta_looked_up_dns = 1;
692 $helo = $1; $rdns = $2; $ip = $3; $by = $4;
693 goto enough;
694 }
695
696
697 # Received: from 4wtgRl (kgbxn@[211.244.147.115]) by dogma.slashnull.org (8.11.6/8.11.6) with SMTP id h8BBsUJ18848; Thu, 11 Sep 2003 12:54:31 +0100
69848113.7ms9628.08ms if (/^(\S+) \((\S*)\@\[(${IP_ADDRESS})\].*\) by (\S+) \(/) {
# spent 5.04ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 3.03ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
699 $mta_looked_up_dns = 1; # this one does. there just wasn't one
700 $helo = $1; $ip = $3; $by = $4;
701 $ident = $2;
702 goto enough;
703 }
704
705 # Received: from 213.123.174.21 by lw11fd.law11.hotmail.msn.com with HTTP;
706 # Wed, 24 Jul 2002 16:36:44 GMT
7074814.92ms4811.69ms if (/by (\S+\.hotmail\.msn\.com) /) {
# spent 1.69ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
708 $by = $1;
709 /^(\S+) / and $ip = $1;
710 goto enough;
711 }
712
713 # Received: from x71-x56-x24-5.webspeed.dk (HELO niels) (69.96.3.15) by la.mx.develooper.com (qpsmtpd/0.27-dev) with SMTP; Fri, 02 Jan 2004 19:26:52 -0800
714 # Received: from sc8-sf-sshgate.sourceforge.net (HELO sc8-sf-netmisc.sourceforge.net) (66.35.250.220) by la.mx.develooper.com (qpsmtpd/0.27-dev) with ESMTP; Fri, 02 Jan 2004 14:44:41 -0800
715 # Received: from mx10.topofferz.net (HELO ) (69.6.60.10) by blazing.arsecandle.org with SMTP; 3 Mar 2004 20:34:38 -0000
71648112.9ms9627.22ms if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((${IP_ADDRESS})\) by (\S+) \(qpsmtpd\/\S+\) with (?:ESMTP|SMTP)/) {
# spent 5.19ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call # spent 2.02ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
717 $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
718 }
719
720 # from dslb-082-083-045-064.pools.arcor-ip.net (EHLO homepc) [82.83.45.64] by mail.gmx.net (mp010) with SMTP; 03 Feb 2007 13:13:47 +0100
72148113.5ms9627.70ms if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \[(${IP_ADDRESS})\] by (\S+) \([^\)]+\) with (?:ESMTP|SMTP)/) {
# spent 4.96ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 2.74ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
722 $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough;
723 }
724
725 # MiB (Michel Bouissou, 2003/11/16)
726 # Moved some tests up because they might match on qmail tests, where this
727 # is not qmail
728 #
729 # Received: from imo-m01.mx.aol.com ([64.12.136.4]) by eagle.glenraven.com
730 # via smtpd (for [198.85.87.98]) with SMTP; Wed, 08 Oct 2003 16:25:37 -0400
73148120.8ms9626.79ms if (/^(\S+) \(\[(${IP_ADDRESS})\]\) by (\S+) via smtpd \(for \S+\) with SMTP\(/) {
# spent 4.97ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 10µs/call # spent 1.82ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
732 $helo = $1; $ip = $2; $by = $3; goto enough;
733 }
734
735 # Try to match most of various qmail possibilities
736 #
737 # General format:
738 # Received: from postfix3-2.free.fr (HELO machine.domain.com) (foobar@213.228.0.169) by totor.bouissou.net with SMTP; 14 Nov 2003 08:05:50 -0000
739 #
740 # "from (remote.rDNS|unknown)" is always there
741 # "(HELO machine.domain.com)" is there only if HELO differs from remote rDNS.
742 # HELO may be "" -- ie no string. "HELO" may also be "EHLO". HELO string
743 # may be an IP in fmt [1.2.3.4] -- do not strip [ and ], they are important.
744 # "foobar@" is remote IDENT info, specified only if ident given by remote
745 # Remote IP always appears between (parentheses), with or without IDENT@
746 # "by local.system.domain.com" always appears
747 #
748 # Protocol can be different from "SMTP", i.e. "RC4-SHA encrypted SMTP" or "QMQP"
749 # qmail's reported protocol shouldn't be "ESMTP", so by allowing only "with (.* )(SMTP|QMQP)"
750 # we should avoid matching on some sendmailish Received: lines that reports remote IP
751 # between ([218.0.185.24]) like qmail-ldap does, but use "with ESMTP".
752 #
753 # Normally, qmail-smtpd remote IP isn't between square brackets [], but some versions of
754 # qmail-ldap seem to add square brackets around remote IP. These versions of qmail-ldap
755 # use a longer format that also states the (envelope-sender <sender@domain>) and the
756 # qmail-ldap version. Example:
757 # Received: from unknown (HELO terpsichore.farfalle.com) (jdavid@[216.254.40.70]) (envelope-sender <jdavid@farfalle.com>) by mail13.speakeasy.net (qmail-ldap-1.03) with SMTP for <jm@jmason.org>; 12 Feb 2003 18:23:19 -0000
758 #
759 # Some others of the numerous qmail patches out there can also add variants of their own
760 #
761 # Received: from 211.245.85.228 (EHLO ) (211.245.85.228) by mta232.mail.scd.yahoo.com with SMTP; Sun, 25 Jan 2004 00:24:37 -0800
762 #
763 # bug 4813: make sure that the line doesn't have " id " after the
764 # protocol since that's a sendmail line and not qmail ...
76548143.9ms96227.8ms if (/^\S+( \((?:HELO|EHLO) \S*\))? \((\S+\@)?\[?${IP_ADDRESS}\]?\)( \(envelope-sender <\S+>\))? by \S+( \(.+\))* with (.* )?(SMTP|QMQP)(?! id )/ ) {
# spent 22.6ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 47µs/call # spent 5.21ms making 481 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call
7668626.4ms6847.67ms if (/^(\S+) \((?:HELO|EHLO) ([^ \(\)]*)\) \((\S*)\@\[?(${IP_ADDRESS})\]?\)( \(envelope-sender <\S+>\))? by (\S+)/) {
# spent 4.85ms making 342 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 14µs/call # spent 2.82ms making 342 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 8µs/call
767 $rdns = $1; $helo = $2; $ident = $3; $ip = $4; $by = $6;
768 }
769 elsif (/^(\S+) \((?:HELO|EHLO) ([^ \(\)]*)\) \(\[?(${IP_ADDRESS})\]?\)( \(envelope-sender <\S+>\))? by (\S+)/) {
770414µs $rdns = $1; $helo = $2; $ip = $3; $by = $5;
771 }
772 elsif (/^(\S+) \((\S*)\@\[?(${IP_ADDRESS})\]?\)( \(envelope-sender <\S+>\))? by (\S+)/) {
773 # note: absence of HELO means that it matched rDNS in qmail-land
774 $helo = $rdns = $1; $ident = $2; $ip = $3; $by = $5;
775 }
776 elsif (/^(\S+) \(\[?(${IP_ADDRESS})\]?\)( \(envelope-sender <\S+>\))? by (\S+)/) {
7772551.08ms $helo = $rdns = $1; $ip = $2; $by = $4;
778 }
779 # qmail doesn't perform rDNS requests by itself, but is usually called
780 # by tcpserver or a similar daemon that passes rDNS information to qmail-smtpd.
781 # If qmail puts something else than "unknown" in the rDNS field, it means that
782 # it received this information from the daemon that called it. If qmail-smtpd
783 # writes "Received: from unknown", it means that either the remote has no
784 # rDNS, or qmail was called by a daemon that didn't gave the rDNS information.
78586443µs if ($rdns ne "unknown") {
78685160µs $mta_looked_up_dns = 1;
787 } else {
78812µs $rdns = '';
789 }
7908611.7ms goto enough;
791
792 }
793 # /MiB
794
795 # Received: from [193.220.176.134] by web40310.mail.yahoo.com via HTTP;
796 # Wed, 12 Feb 2003 14:22:21 PST
7973953.60ms3951.04ms if (/ via HTTP$/&&/^\[(${IP_ADDRESS})\] by (\S+) via HTTP$/) {
# spent 1.04ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
798 $ip = $1; $by = $2; goto enough;
799 }
800
801 # Received: from 192.168.5.158 ( [192.168.5.158]) as user jason@localhost by mail.reusch.net with HTTP; Mon, 8 Jul 2002 23:24:56 -0400
80239510.9ms7906.18ms if (/^(\S+) \( \[(${IP_ADDRESS})\]\).*? by (\S+) /) {
# spent 4.67ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 12µs/call # spent 1.51ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
803 # TODO: is $1 helo?
804 $ip = $2; $by = $3; goto enough;
805 }
806
807 # Received: from (64.52.135.194 [64.52.135.194]) by mail.unearthed.com with ESMTP id BQB0hUH2 Thu, 20 Feb 2003 16:13:20 -0700 (PST)
80839511.2ms7906.58ms if (/^\((\S+) \[(${IP_ADDRESS})\]\) by (\S+) /) {
# spent 4.48ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call # spent 2.11ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
809 $helo = $1; $ip = $2; $by = $3; goto enough;
810 }
811
812 # Received: from [65.167.180.251] by relent.cedata.com (MessageWall 1.1.0) with SMTP; 20 Feb 2003 23:57:15 -0000
81339510.6ms7905.71ms if (/^\[(${IP_ADDRESS})\] by (\S+) /) {
# spent 4.27ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call # spent 1.45ms making 395 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
8143164µs $ip = $1; $by = $2; goto enough;
815 }
816
817 # from ([172.16.1.78]) by email2.codeworksonline.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 6 Sep 2006 21:14:29 -0400
818 # from (130.215.36.186) by mcafee.wpi.edu via smtp id 021b_7e19a55a_ea7e_11da_83a9_00304811e63a; Tue, 23 May 2006 13:06:35 -0400
819 # from ([172.21.2.10]) by out-relay4.mtahq.org with ESMTP id 4420961.8281; Tue, 22 Aug 2006 17:53:08 -0400
82039411.0ms7886.19ms if (/^\(\[?(${IP_ADDRESS})\]?\) by (\S+) /) {
# spent 4.33ms making 394 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call # spent 1.86ms making 394 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
821241.13ms $ip = $1; $by = $2; goto enough;
822 }
823
824 # Received: from acecomms [202.83.84.95] by mailscan.acenet.net.au [202.83.84.27] with SMTP (MDaemon.PRO.v5.0.6.R) for <spamassassin-talk@lists.sourceforge.net>; Fri, 21 Feb 2003 09:32:27 +1000
82538618.2ms7725.93ms if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) \[(\S+)\] with /) {
# spent 4.47ms making 386 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 12µs/call # spent 1.46ms making 386 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
826 $mta_looked_up_dns = 1;
827 $helo = $1; $ip = $2;
828 $by = $4; # use the IP addr for "by", more useful?
829 goto enough;
830 }
831
832 # Received: from mail.sxptt.zj.cn ([218.0.185.24]) by dogma.slashnull.org
833 # (8.11.6/8.11.6) with ESMTP id h2FH0Zx11330 for <webmaster@efi.ie>;
834 # Sat, 15 Mar 2003 17:00:41 GMT
83538613.9ms7729.09ms if (/^(\S+) \(\[(${IP_ADDRESS})\]\) by (\S+) \(/) { # sendmail
# spent 4.73ms making 386 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 12µs/call # spent 4.36ms making 386 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 11µs/call
836283500µs $mta_looked_up_dns = 1;
837113240.7ms $helo = $1; $ip = $2; $by = $3; goto enough;
838 }
839
840 # Received: from umr-mail7.umr.edu (umr-mail7.umr.edu [131.151.1.64]) via ESMTP by mrelay1.cc.umr.edu (8.12.1/) id h06GHYLZ022481; Mon, 6 Jan 2003 10:17:34 -0600
841 # Received: from Agni (localhost [::ffff:127.0.0.1]) (TLS: TLSv1/SSLv3, 168bits,DES-CBC3-SHA) by agni.forevermore.net with esmtp; Mon, 28 Oct 2002 14:48:52 -0800
842 # Received: from gandalf ([4.37.75.131]) (authenticated bits=0) by herald.cc.purdue.edu (8.12.5/8.12.5/herald) with ESMTP id g9JLefrm028228 for <spamassassin-talk@lists.sourceforge.net>; Sat, 19 Oct 2002 16:40:41 -0500 (EST)
843 # Received: from bushinternet.com (softdnserr [::ffff:61.99.99.67]) by mail.cs.helsinki.fi with esmtp; Fri, 22 Aug 2003 12:25:41 +0300
8441033.64ms2062.27ms if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\).*? by (\S+)\b/) { # sendmail
# spent 1.68ms making 103 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 16µs/call # spent 589µs making 103 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
845315µs if ($2 eq 'softdnserr') {
846 $mta_looked_up_dns = 0; # bug 2326: couriertcpd
847 } else {
848614µs $mta_looked_up_dns = 1; $rdns = $2;
849 }
85012420µs $helo = $1; $ip = $3; $by = $4; goto enough;
851 }
852
853 # from jsoliday.acs.internap.com ([63.251.66.24.63559]) by
854 # mailhost.acs.internap.com with esmtp (v3.35.1) id 1GNrLz-000295-00;
855 # Thu, 14 Sep 2006 09:34:07 -0400
8561003.77ms2002.53ms if (/^(\S+) \(\[(${IP_ADDRESS})(?:[.:]\d+)?\]\).*? by (\S+) /) {
# spent 1.63ms making 100 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 16µs/call # spent 901µs making 100 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 9µs/call
8574585µs $mta_looked_up_dns = 1;
8581806.67ms $helo = $1; $ip = $2; $by = $3; goto enough;
859 }
860
861 # Received: from roissy (p573.as1.exs.dublin.eircom.net [159.134.226.61])
862 # (authenticated bits=0) by slate.dublin.wbtsystems.com (8.12.6/8.12.6)
863 # with ESMTP id g9MFWcvb068860 for <jm@jmason.org>;
864 # Tue, 22 Oct 2002 16:32:39 +0100 (IST)
865551.96ms1101.30ms if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\)(?: \(authenticated bits=\d+\))? by (\S+) \(/) { # sendmail
# spent 1.03ms making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 19µs/call # spent 270µs making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
866 $mta_looked_up_dns = 1;
867 $helo = $1; $rdns = $2; $ip = $3; $by = $4; goto enough;
868 }
869
870 # Received: from cabbage.jmason.org [127.0.0.1]
871 # by localhost with IMAP (fetchmail-5.9.0)
872 # for jm@localhost (single-drop); Thu, 13 Mar 2003 20:39:56 -0800 (PST)
87355546µs55197µs if (/fetchmail/&&/^(\S+) (?:\[(${IP_ADDRESS})\] )?by (\S+) with \S+ \(fetchmail/) {
# spent 197µs making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
874 $self->found_pop_fetcher_sig();
875 return 0; # skip fetchmail handovers
876 }
877
878 # Let's try to support a few qmailish formats in one;
879 # http://issues.apache.org/SpamAssassin/show_bug.cgi?id=2744#c14 :
880 # Received: from unknown (HELO feux01a-isp) (213.199.4.210) by totor.bouissou.net with SMTP; 1 Nov 2003 07:05:19 -0000
881 # Received: from adsl-207-213-27-129.dsl.lsan03.pacbell.net (HELO merlin.net.au) (Owner50@207.213.27.129) by totor.bouissou.net with SMTP; 10 Nov 2003 06:30:34 -0000
882551.94ms1101.31ms if (/^(\S+) \((?:HELO|EHLO) ([^\)]*)\) \((\S*@)?\[?(${IP_ADDRESS})\]?\).* by (\S+) /)
# spent 1.03ms making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 19µs/call # spent 276µs making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
883 {
884 $mta_looked_up_dns = 1;
885 $rdns = $1;
886 $helo = $2;
887 $ident = (defined $3) ? $3 : '';
888 $ip = $4;
889 $by = $5;
890 if ($ident) {
891 $ident =~ s/\@$//;
892 }
893 goto enough;
894 }
895
896 # Received: from x1-6-00-04-bd-d2-e0-a3.k317.webspeed.dk (benelli@80.167.158.170) by totor.bouissou.net with SMTP; 5 Nov 2003 23:18:42 -0000
897552.46ms1101.70ms if (/^(\S+) \((\S*@)?\[?(${IP_ADDRESS})\]?\).* by (\S+) /)
# spent 1.06ms making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 19µs/call # spent 640µs making 55 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 12µs/call
898 {
8991525µs $mta_looked_up_dns = 1;
900 # bug 2744 notes that if HELO == rDNS, qmail drops it.
90145135µs $rdns = $1; $helo = $rdns; $ident = (defined $2) ? $2 : '';
9023088µs $ip = $3; $by = $4;
9031525µs if ($ident) { $ident =~ s/\@$//; }
904152.02ms goto enough;
905 }
906
907 # Received: from [129.24.215.125] by ws1-7.us4.outblaze.com with http for
908 # _bushisevil_@mail.com; Thu, 13 Feb 2003 15:59:28 -0500
90940386µs40140µs if (/ with http for /&&/^\[(${IP_ADDRESS})\] by (\S+) with http for /) {
# spent 140µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
910 $ip = $1; $by = $2; goto enough;
911 }
912
913 # Received: from po11.mit.edu [18.7.21.73]
914 # by stark.dyndns.tv with POP3 (fetchmail-5.9.7)
915 # for stark@localhost (single-drop); Tue, 18 Feb 2003 10:43:09 -0500 (EST)
916 # by po11.mit.edu (Cyrus v2.1.5) with LMTP; Tue, 18 Feb 2003 09:49:46 -0500
91740385µs40125µs if (/ with POP3 /&&/^(\S+) \[(${IP_ADDRESS})\] by (\S+) with POP3 /) {
# spent 125µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
918 $rdns = $1; $ip = $2; $by = $3; goto enough;
919 }
920
921 # Received: from snake.corp.yahoo.com(216.145.52.229) by x.x.org via smap (V1.3)
922 # id xma093673; Wed, 26 Mar 03 20:43:24 -0600
92340371µs40127µs if (/ via smap /&&/^(\S+)\((${IP_ADDRESS})\) by (\S+) via smap /) {
# spent 127µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
924 $mta_looked_up_dns = 1;
925 $rdns = $1; $ip = $2; $by = $3; goto enough;
926 }
927
928 # Received: from smtp.greyware.com(208.14.208.51, HELO smtp.sff.net) by x.x.org via smap (V1.3)
929 # id xma002908; Fri, 27 Feb 04 14:16:56 -0800
930401.44ms801.01ms if (/^(\S+)\((${IP_ADDRESS}), (?:HELO|EHLO) (\S*)\) by (\S+) via smap /) {
# spent 889µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 118µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
931 $mta_looked_up_dns = 1;
932 $rdns = $1; $ip = $2; $helo = $3; $by = $4; goto enough;
933 }
934
935 # Received: from [192.168.0.71] by web01-nyc.clicvu.com (Post.Office MTA
936 # v3.5.3 release 223 ID# 0-64039U1000L100S0V35) with SMTP id com for
937 # <x@x.org>; Tue, 25 Mar 2003 11:42:04 -0500
93840837µs42593µs if (/ \(Post/&&/^\[(${IP_ADDRESS})\] by (\S+) \(Post/) {
# spent 468µs making 1 call to Mail::SpamAssassin::Message::Metadata::CORE:regcomp # spent 126µs making 41 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
939 $ip = $1; $by = $2; goto enough;
940 }
941
942 # Received: from [127.0.0.1] by euphoria (ArGoSoft Mail Server
943 # Freeware, Version 1.8 (1.8.2.5)); Sat, 8 Feb 2003 09:45:32 +0200
94440359µs40125µs if (/ \(ArGoSoft/&&/^\[(${IP_ADDRESS})\] by (\S+) \(ArGoSoft/) {
# spent 125µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
945 $ip = $1; $by = $2; goto enough;
946 }
947
948 # Received: from 157.54.8.23 by inet-vrs-05.redmond.corp.microsoft.com
949 # (InterScan E-Mail VirusWall NT); Thu, 06 Mar 2003 12:02:35 -0800
950 # Received: from 10.165.130.62 by CNNIMAIL12.CNN.COM (SMTPL release 1.0d) with TCP; Fri, 1 Sep 2006 20:28:14 -0400
951401.78ms801.30ms if (/^(${IP_ADDRESS}) by (\S+) \((?:SMTPL|InterScan)\b/) {
# spent 965µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 336µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 8µs/call
952 $ip = $1; $by = $2; goto enough;
953 }
954
955 # Received: from faerber.muc.de by slarti.muc.de with BSMTP (rsmtp-qm-ot 0.4)
956 # for asrg@ietf.org; 7 Mar 2003 21:10:38 -0000
95740368µs40119µs if (/ with BSMTP/&&/^\S+ by \S+ with BSMTP/) {
# spent 119µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
958 return 0; # BSMTP != a TCP/IP handover, ignore it
959 }
960
961 # Received: from spike (spike.ig.co.uk [193.32.60.32]) by mail.ig.co.uk with
962 # SMTP id h27CrCD03362 for <asrg@ietf.org>; Fri, 7 Mar 2003 12:53:12 GMT
963401.55ms801.07ms if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) by (\S+) with /) {
# spent 947µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 125µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
964 $mta_looked_up_dns = 1;
965 $helo = $1; $rdns = $2; $ip = $3; $by = $4; goto enough;
966 }
967
968 # Received: from customer254-217.iplannetworks.net (HELO AGAMENON)
969 # (baldusi@200.69.254.217 with plain) by smtp.mail.vip.sc5.yahoo.com with
970 # SMTP; 11 Mar 2003 21:03:28 -0000
97140444µs40202µs if (/^(\S+) \((?:HELO|EHLO) (\S*)\) \((\S+).*?\) by (\S+) with /) {
# spent 202µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
972 $mta_looked_up_dns = 1;
973 $rdns = $1; $helo = $2; $ip = $3; $by = $4;
974 $ip =~ s/([^\@]*)\@//g and $ident = $1; # remove IDENT lookups
975 goto enough;
976 }
977
978 # Received: from [192.168.1.104] (account nazgul HELO [192.168.1.104])
979 # by somewhere.com (CommuniGate Pro SMTP 3.5.7) with ESMTP-TLS id 2088434;
980 # Fri, 07 Mar 2003 13:05:06 -0500
981401.62ms801.14ms if (/^\[(${IP_ADDRESS})\] \((?:account \S+ )?(?:HELO|EHLO) (\S*)\) by (\S+) \(/) {
# spent 940µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 23µs/call # spent 196µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
982 $ip = $1; $helo = $2; $by = $3; goto enough;
983 }
984
985 # Received: from host.example.com ([192.0.2.1] verified)
986 # by mail.example.net (CommuniGate Pro SMTP 5.1.13)
987 # with ESMTP id 9786656 for user@example.net; Thu, 27 Mar 2008 15:08:17 +0600
98840361µs40117µs if (/ \(CommuniGate Pro/ && /^(\S+) \(\[(${IP_ADDRESS})\] verified\) by (\S+) \(/) {
# spent 117µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
989 $mta_looked_up_dns = 1;
990 $rdns = $1; $helo = $1; $ip = $2; $by = $3; goto enough;
991 }
992
993 # Received: from ([10.0.0.6]) by mail0.ciphertrust.com with ESMTP ; Thu,
994 # 13 Mar 2003 06:26:21 -0500 (EST)
995401.47ms801.01ms if (/^\(\[(${IP_ADDRESS})\]\) by (\S+) with /) {
# spent 881µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 127µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
996 $ip = $1; $by = $2; goto enough;
997 }
998
999 # Received: from ironport.com (10.1.1.5) by a50.ironport.com with ESMTP; 01 Apr 2003 12:00:51 -0800
1000 # Received: from dyn-81-166-39-132.ppp.tiscali.fr (81.166.39.132) by cpmail.dk.tiscali.com (6.7.018)
1001401.53ms801.07ms if (/^([^\d]\S+) \((${IP_ADDRESS})\) by (\S+) /) {
# spent 858µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 21µs/call # spent 208µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1002 $helo = $1; $ip = $2; $by = $3; goto enough;
1003 }
1004
1005 # Received: from scv3.apple.com (scv3.apple.com) by mailgate2.apple.com (Content Technologies SMTPRS 4.2.1) with ESMTP id <T61095998e1118164e13f8@mailgate2.apple.com>; Mon, 17 Mar 2003 17:04:54 -0800
1006 # bug 4704: Only let this match Content Technologies so it stops breaking things that come after it by matching first
100740356µs40112µs if (/^\S+ \(\S+\) by \S+ \(Content Technologies /) {
# spent 112µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1008 return 0; # useless without the $ip anyway!
1009 }
1010
1011 # Received: from 01al10015010057.ad.bls.com ([90.152.5.141] [90.152.5.141])
1012 # by aismtp3g.bls.com with ESMTP; Mon, 10 Mar 2003 11:10:41 -0500
101340365µs40128µs if (/^(\S+) \(\[(\S+)\] \[(\S+)\]\) by (\S+) with /) {
# spent 128µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1014 # not sure what $3 is ;)
1015 $helo = $1; $ip = $2; $by = $4;
1016 goto enough;
1017 }
1018
1019 # Received: from 206.47.0.153 by dm3cn8.bell.ca with ESMTP (Tumbleweed MMS
1020 # SMTP Relay (MMS v5.0)); Mon, 24 Mar 2003 19:49:48 -0500
1021401.81ms801.34ms if (/^(${IP_ADDRESS}) by (\S+) with /) {
# spent 914µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 23µs/call # spent 426µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 11µs/call
1022 $ip = $1; $by = $2;
1023 goto enough;
1024 }
1025
1026 # Received: from pobox.com (h005018086b3b.ne.client2.attbi.com[66.31.45.164])
1027 # by rwcrmhc53.attbi.com (rwcrmhc53) with SMTP id <2003031302165605300suph7e>;
1028 # Thu, 13 Mar 2003 02:16:56 +0000
1029401.52ms801.07ms if (/^(\S+) \((\S+)\[(${IP_ADDRESS})\]\) by (\S+) /) {
# spent 934µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 23µs/call # spent 133µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1030 $mta_looked_up_dns = 1;
1031 $helo = $1; $rdns = $2; $ip = $3; $by = $4; goto enough;
1032 }
1033
1034 # Received: from [10.128.128.81]:50999 (HELO dfintra.f-secure.com) by fsav4im2 ([10.128.128.74]:25) (F-Secure Anti-Virus for Internet Mail 6.0.34 Release) with SMTP; Tue, 5 Mar 2002 14:11:53 -0000
1035401.54ms801.06ms if (/^\[(${IP_ADDRESS})\]\S+ \((?:HELO|EHLO) (\S*)\) by (\S+) /) {
# spent 863µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 196µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1036 $ip = $1; $helo = $2; $by = $3; goto enough;
1037 }
1038
1039 # Received: from 62.180.7.250 (HELO daisy) by smtp.altavista.de (209.228.22.152) with SMTP; 19 Sep 2002 17:03:17 +0000
1040401.73ms801.22ms if (/^(${IP_ADDRESS}) \((?:HELO|EHLO) (\S*)\) by (\S+) /) {
# spent 981µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 25µs/call # spent 244µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
1041 $ip = $1; $helo = $2; $by = $3; goto enough;
1042 }
1043
1044 # Received: from oemcomputer [63.232.189.195] by highstream.net (SMTPD32-7.07) id A4CE7F2A0028; Sat, 01 Feb 2003 21:39:10 -0500
1045401.47ms801.00ms if (/^(\S+) \[(${IP_ADDRESS})\] by (\S+) /) {
# spent 877µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 125µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1046 $helo = $1; $ip = $2; $by = $3; goto enough;
1047 }
1048
1049 # from nodnsquery(192.100.64.12) by herbivore.monmouth.edu via csmap (V4.1) id srcAAAyHaywy
1050401.52ms801.02ms if (/^(\S+)\((${IP_ADDRESS})\) by (\S+) /) {
# spent 881µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 143µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
1051 $rdns = $1; $ip = $2; $by = $3; goto enough;
1052 }
1053
1054 # Received: from [192.168.0.13] by <server> (MailGate 3.5.172) with SMTP;
1055 # Tue, 1 Apr 2003 15:04:55 +0100
1056401.48ms801.02ms if (/^\[(${IP_ADDRESS})\] by (\S+) \(MailGate /) {
# spent 896µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 22µs/call # spent 126µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1057 $ip = $1; $by = $2; goto enough;
1058 }
1059
1060 # Received: from jmason.org (unverified [195.218.107.131]) by ni-mail1.dna.utvinternet.net <B0014212518@ni-mail1.dna.utvinternet.net>; Tue, 11 Feb 2003 12:18:12 +0000
1061401.53ms801.09ms if (/^(\S+) \(unverified \[(${IP_ADDRESS})\]\) by (\S+) /) {
# spent 958µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 129µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1062 $helo = $1; $ip = $2; $by = $3; goto enough;
1063 }
1064
1065 # # from 165.228.131.11 (proxying for 139.130.20.189) (SquirrelMail authenticated user jmmail) by jmason.org with HTTP
1066 # if (/^from (\S+) \(proxying for (${IP_ADDRESS})\) \([A-Za-z][^\)]+\) by (\S+) with /) {
1067 # $ip = $2; $by = $3; goto enough;
1068 # }
1069401.88ms801.40ms if (/^(${IP_ADDRESS}) \([A-Za-z][^\)]+\) by (\S+) with /) {
# spent 959µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 439µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 11µs/call
1070 $ip = $1; $by = $2; goto enough;
1071 }
1072
1073 # Received: from [212.87.144.30] (account seiz [212.87.144.30] verified) by x.imd.net (CommuniGate Pro SMTP 4.0.3) with ESMTP-TLS id 5026665 for spamassassin-talk@lists.sourceforge.net; Wed, 15 Jan 2003 16:27:05 +0100
1074 # bug 4704 This pattern was checked as just an Exim format, but it does exist elsewhere
1075 # Received: from [206.51.230.145] (helo=t-online.de)
1076 # by mxeu2.kundenserver.de with ESMTP (Nemesis),
1077 # id 0MKpdM-1CkRpr14PF-000608; Fri, 31 Dec 2004 19:49:15 +0100
1078 # Received: from [218.19.142.229] (helo=hotmail.com ident=yiuhyotp)
1079 # by yzordderrex with smtp (Exim 3.35 #1 (Debian)) id 194BE5-0005Zh-00; Sat, 12 Apr 2003 03:58:53 +0100
1080401.61ms801.11ms if (/^\[(${IP_ADDRESS})\] \(([^\)]+)\) by (\S+) /) {
# spent 937µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 23µs/call # spent 170µs making 40 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
10811248µs $ip = $1; my $sub = $2; $by = $3;
1082472µs432µs $sub =~ s/helo=(\S+)// and $helo = $1;
# spent 32µs making 4 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 8µs/call
1083440µs413µs $sub =~ s/ident=(\S*)// and $ident = $1;
# spent 13µs making 4 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
10844604µs goto enough;
1085 }
1086
1087 # Received: from mtsbp606.email-info.net (?dXqpg3b0hiH9faI2OxLT94P/YKDD3rQ1?@64.253.199.166) by kde.informatik.uni-kl.de with SMTP; 30 Apr 2003 15:06:29
1088361.49ms721.05ms if (/^(\S+) \((?:\S+\@)?(${IP_ADDRESS})\) by (\S+) with /) {
# spent 822µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 23µs/call # spent 226µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
1089 $rdns = $1; $ip = $2; $by = $3; goto enough;
1090 }
1091
1092 # Obtuse smtpd: http://www.obtuse.com/
1093 # Received: from TCE-E-7-182-54.bta.net.cn(202.106.182.54) via SMTP
1094 # by st.tahina.priv.at, id smtpdEDUB8h; Sun Nov 13 14:50:12 2005
1095 # Received: from pl027.nas934.d-osaka.nttpc.ne.jp(61.197.82.27), claiming to be "foo.woas.net" via SMTP
1096 # by st.tahina.priv.at, id smtpd1PBsZT; Sun Nov 13 15:38:52 2005
1097361.38ms72982µs if (/^(\S+)\((${IP_ADDRESS})\)(?:, claiming to be "(\S+)")? via \S+ by (\S+),/) {
# spent 872µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 110µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1098 $rdns = $1; $ip = $2; $helo = (defined $3) ? $3 : ''; $by = $4;
1099 if ($1 ne 'UNKNOWN') {
1100 $mta_looked_up_dns = 1;
1101 $rdns = $1;
1102 }
1103 goto enough;
1104 }
1105
1106 # Yahoo Authenticated SMTP; Bug #6535
1107 # from itrqtnlnq (lucilleskinner@93.124.107.183 with login) by smtp111.mail.ne1.yahoo.com with SMTP; 17 Jan 2011 08:23:27 -0800 PST
1108361.40ms72950µs if (/^(\S+) \((\S+)@(${IP_ADDRESS}) with login\) by (\S+\.yahoo\.com) with SMTP/) {
# spent 857µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 24µs/call # spent 93µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1109 $helo = $1; $ip = $3; $by = $4; goto enough;
1110 }
1111
1112 # a synthetic header, generated internally:
1113 # Received: X-Originating-IP: 1.2.3.4
111436380µs36137µs if (/^X-Originating-IP: (\S+)$/) {
# spent 137µs making 36 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
1115241.22ms $ip = $1; $by = ''; goto enough;
1116 }
1117
1118 ## STUFF TO IGNORE ##
1119
1120 # Received: from raptor.research.att.com (bala@localhost) by
1121 # raptor.research.att.com (SGI-8.9.3/8.8.7) with ESMTP id KAA14788
1122 # for <asrg@example.com>; Fri, 7 Mar 2003 10:37:56 -0500 (EST)
1123 # make this localhost-specific, so we know it's safe to ignore
112428950µs56620µs if (/^\S+ \([^\s\@]+\@${LOCALHOST}\) by \S+ \(/) { return 0; }
# spent 518µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 19µs/call # spent 101µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
1125
1126 # from paul (helo=felix) by felix.peema.org with local-esmtp (Exim 4.43)
1127 # id 1Ccq0j-0002k2-Lk; Fri, 10 Dec 2004 19:01:01 +0000
1128 # Exim doco says this is local submission, cf switch -oMr
112928271µs28104µs if (/^\S+ \S+ by \S+ with local-e?smtp /) { return 0; }
# spent 104µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
1130
1131 # from 127.0.0.1 (AVG SMTP 7.0.299 [265.6.8]); Wed, 05 Jan 2005 15:06:48 -0800
113228229µs2872µs if (/^127\.0\.0\.1 \(AVG SMTP \S+ \[\S+\]\)/) { return 0; }
# spent 72µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1133
1134 # from qmail-scanner-general-admin@lists.sourceforge.net by alpha by uid 7791 with qmail-scanner-1.14 (spamassassin: 2.41. Clear:SA:0(-4.1/5.0):. Processed in 0.209512 secs)
113528263µs2899µs if (/^\S+\@\S+ by \S+ by uid \S+ /) { return 0; }
# spent 99µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 4µs/call
1136
1137 # Received: from DSmith1204@aol.com by imo-m09.mx.aol.com (mail_out_v34.13.) id 7.53.208064a0 (4394); Sat, 11 Jan 2003 23:24:31 -0500 (EST)
113828312µs28134µs if (/^\S+\@\S+ by \S+ /) { return 0; }
# spent 134µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1139
1140 # Received: from Unknown/Local ([?.?.?.?]) by mailcity.com; Fri, 17 Jan 2003 15:23:29 -0000
114128228µs2868µs if (/^Unknown\/Local \(/) { return 0; }
# spent 68µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 2µs/call
1142
1143 # Received: from localhost (mailnull@localhost) by x.org (8.12.6/8.9.3)
1144 # with SMTP id h2R2iivG093740; Wed, 26 Mar 2003 20:44:44 -0600
1145 # (CST) (envelope-from x@x.org)
1146 # Received: from localhost (localhost [127.0.0.1]) (uid 500) by mail with local; Tue, 07 Jan 2003 11:40:47 -0600
1147281.43ms561.09ms if (/^${LOCALHOST} \((?:\S+\@)?${LOCALHOST}[\)\[]/) { return 0; }
# spent 953µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 34µs/call # spent 136µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1148
1149 # Received: from olgisoft.com (127.0.0.1) by 127.0.0.1 (EzMTS MTSSmtp
1150 # 1.55d5) ; Thu, 20 Mar 03 10:06:43 +0100 for <asrg@ietf.org>
115128793µs56491µs if (/^\S+ \((?:\S+\@)?${LOCALHOST}\) /) { return 0; }
# spent 338µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 12µs/call # spent 152µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1152
1153 # Received: from casper.ghostscript.com (raph@casper [127.0.0.1]) h148aux8016336verify=FAIL); Tue, 4 Feb 2003 00:36:56 -0800
115428826µs56509µs if (/^\S+ \(\S+\@\S+ \[${LOCALHOST}\]\) /) { return 0; }
# spent 418µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 15µs/call # spent 91µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1155
1156 # Received: from (AUTH: e40a9cea) by vqx.net with esmtp (courier-0.40) for <asrg@ietf.org>; Mon, 03 Mar 2003 14:49:28 +0000
115728239µs2872µs if (/^\(AUTH: \S+\) by \S+ with /) { return 0; }
# spent 72µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1158
1159 # from localhost (localhost [[UNIX: localhost]]) by home.barryodonovan.com
1160 # (8.12.11/8.12.11/Submit) id iBADHRP6011034; Fri, 10 Dec 2004 13:17:27 GMT
116128240µs2871µs if (/^localhost \(localhost \[\[UNIX: localhost\]\]\) by /) { return 0; }
# spent 71µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1162
1163 # Internal Amazon traffic
1164 # Received: from dc-mail-3102.iad3.amazon.com by mail-store-2001.amazon.com with ESMTP (peer crosscheck: dc-mail-3102.iad3.amazon.com)
116528246µs2880µs if (/^\S+\.amazon\.com by \S+\.amazon\.com with ESMTP \(peer crosscheck: /) { return 0; }
# spent 80µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1166
1167 # Received: from GWGC6-MTA by gc6.jefferson.co.us with Novell_GroupWise; Tue, 30 Nov 2004 10:09:15 -0700
116828269µs2886µs if (/^[^\.]+ by \S+ with Novell_GroupWise/) { return 0; }
# spent 86µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1169
1170 # Received: from no.name.available by [165.224.43.143] via smtpd (for [165.224.216.89]) with ESMTP; Fri, 28 Jan 2005 13:06:39 -0500
1171 # Received: from no.name.available by [165.224.216.88] via smtpd (for lists.sourceforge.net [66.35.250.206]) with ESMTP; Fri, 28 Jan 2005 15:42:30 -0500
1172 # These are from an internal host protected by a Raptor firewall, to hosts
1173 # outside the firewall. We can only ignore the handover since we don't have
1174 # enough info in those headers; however, from googling, it appears that
1175 # all samples are cases where the handover is safely ignored.
117628250µs2881µs if (/^no\.name\.available by \S+ via smtpd \(for /) { return 0; }
# spent 81µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1177
1178 # from 156.56.111.196 by blazing.arsecandle.org (envelope-from <gentoo-announce-return-530-rod=arsecandle.org@lists.gentoo.org>, uid 502) with qmail-scanner-1.24 (clamdscan: 0.80/594. f-prot: 4.4.2/3.14.11. Clear:RC:0(156.56.111.196):. Processed in 0.288806 secs); 06 Feb 2005 21:11:38 -0000
1179 # these are safe to ignore. the previous handover line has the full
1180 # details of the handover described here, it's just qmail-scanner
1181 # logging a little more.
118228255µs2888µs if (/^\S+ by \S+ \(.{0,100}\) with qmail-scanner/) {
# spent 88µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1183 $envfrom =~ s/^\s*<*//gs; $envfrom =~ s/>*\s*$//gs;
1184 $envfrom =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
1185 $self->{qmail_scanner_env_from} = $envfrom; # hack!
1186 return 0;
1187 }
1188
1189 # Received: from mmail by argon.connect.org.uk with local (connectmail/exim)
1190 # id 18tOsg-0008FX-00; Thu, 13 Mar 2003 09:20:06 +0000
119128260µs2888µs if (/^\S+ by \S+ with local/) { return 0; }
# spent 88µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1192
1193 # HANDOVERS WE KNOW WE CAN'T DEAL WITH: TCP transmission, but to MTAs that
1194 # just don't log enough info for us to use (ie. no IP address present).
1195 # Note: "return 0" is strongly recommended here, unless you're sure
1196 # the regexp won't match something in the field; otherwise ALL_TRUSTED may
1197 # fire even in the presence of an unparseable Received header.
1198
1199 # Received: from CATHY.IJS.SI by CATHY.IJS.SI (PMDF V4.3-10 #8779) id <01KTSSR50NSW001MXN@CATHY.IJS.SI>; Fri, 21 Mar 2003 20:50:56 +0100
1200 # Received: from MATT_LINUX by hippo.star.co.uk via smtpd (for mail.webnote.net [193.120.211.219]) with SMTP; 3 Jul 2002 15:43:50 UT
1201 # Received: from cp-its-ieg01.mail.saic.com by cpmx.mail.saic.com for me@jmason.org; Tue, 23 Jul 2002 14:09:10 -0700
120237774µs28173µs if (/^\S+ by \S+ (?:with|via|for|\()/) { return 0; }
# spent 173µs making 28 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 6µs/call
1203
1204 # from senmail2.senate.gov with LMTP by senmail2 (3.0.2/sieved-3-0-build-942) for <example@vandinter.org>; Fri, 30 Jun 2006 10:58:41 -0400
1205 # from zimbramail.artsit.org.uk (unverified) by MAILSWEEP.birminghamartsit.org.uk (Clearswift SMTPRS 5.1.7) with ESMTP id <T78926b35f2c0a80003da8@MAILSWEEP.birminghamartsit.org.uk> for <discuss@lists.surbl.org>; Tue, 30 May 2006 15:56:15 +0100
120619218µs1998µs if (/^\S+ (?:(?:with|via|for) \S+|\(unverified\)) by\b/) { return 0; }
# spent 98µs making 19 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1207
1208 # from DL1GSPMX02 (dl1gspmx02.gamestop.com) by email.ebgames.com (LSMTP for Windows NT v1.1b) with SMTP id <21.000575A0@email.ebgames.com>; Tue, 12 Sep 2006 21:06:43 -0500
120919174µs1962µs if (/\(LSMTP for/) { return 0; }
# spent 62µs making 19 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1210
1211 # if at this point we still haven't figured out the HELO string, see if we
1212 # can't just guess
121331632µs1264µs if (!$helo && /^(\S+)[^-A-Za-z0-9\.]/) { $helo = $1; }
# spent 64µs making 12 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 5µs/call
1214 }
1215
1216# ---------------------------------------------------------------------------
1217
1218 elsif (s/^FROM //) {
1219 # simta: http://rsug.itd.umich.edu/software/simta/
1220 # Note the ugly uppercase FROM/BY/ID
1221 # Received: FROM hackers.mr.itd.umich.edu (smtp.mail.umich.edu [141.211.14.81])
1222 # BY madman.mr.itd.umich.edu ID 434B508E.174A6.13932 ; 11 Oct 2005 01:41:34 -0400
1223 # Received: FROM [192.168.1.24] (s233-64-90-216.try.wideopenwest.com [64.233.216.90])
1224 # BY hackers.mr.itd.umich.edu ID 434B5051.8CDE5.15436 ; 11 Oct 2005 01:40:33 -0400
1225 if (/^(\S+) \((\S+) \[(${IP_ADDRESS})\]\) BY (\S+) ID (\S+)$/ ) {
1226 $mta_looked_up_dns = 1;
1227 $helo = $1; $rdns = $2; $ip = $3; $by = $4; $id = $5;
1228 goto enough;
1229 }
1230 }
1231
1232# ---------------------------------------------------------------------------
1233
1234 elsif (s/^\(from //) {
1235 # Norton AntiVirus Gateway
1236 # Received: (from localhost [24.180.47.240])
1237 # by host.name (NAVGW 2.5.2.12) with SMTP id M2006060503484615455
1238 # for <user@domain.co.uk>; Mon, 05 Jun 2006 03:48:47 +0100
1239 if (/^(\S*) \[(${IP_ADDRESS})\]\) by (\S+) \(NAVGW .*?\) with /) {
1240 $helo = $1; $ip = $2; $by = $3;
1241 goto enough;
1242 }
1243
1244 # header produced by command line /usr/bin/sendmail -t -f username@example.com
1245 # Received: (from username@localhost) by home.example.com
1246 # (8.12.11/8.12.11/Submit) id iBADHRP6011034; Fri, 10 Dec 2004 13:17:27 GMT
1247 if (/^\S+\@localhost\) by \S+ /) { return 0; }
1248
1249 # Received: (from vashugins@juno.com) by m06.lax.untd.com (jqueuemail) id LRVB3JAJ; Fri, 02 Jun 2006 08:15:21 PDT
1250 if (/^[^\s\@]+\@[^)]+\) by \S+\(jqueuemail\) id [^\s;]+/) { return 0; }
1251 }
1252
1253# ---------------------------------------------------------------------------
1254
1255 # FALL-THROUGH: OK, at this point let's try some general patterns for things
1256 # we may not have already parsed out.
1257291.08ms38742µs if (!$ip && /\[(${IP_ADDRESS})\]/) { $ip = $1; }
# spent 603µs making 19 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 32µs/call # spent 139µs making 19 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 7µs/call
1258
1259# ---------------------------------------------------------------------------
1260
1261 # We need to have a minimal amount of information to have a useful parse.
1262 # If we have the IP and the "by" name, move forward. If we don't, we'll
1263 # drop into the unparseable area.
12642785µs if ($ip && $by) { goto enough; }
1265
1266 # Ok, we can't handle this header, go ahead and return that.
126711213µs return;
1268
1269# ---------------------------------------------------------------------------
1270
1271enough:
1272
1273 # OK, line parsed (at least partially); now deal with the contents
1274
1275 # flag handovers we couldn't get an IP address from at all
127610412.53ms if ($ip eq '') {
1277 dbg("received-header: could not parse IP address from: $_");
1278 }
1279
1280 # DISABLED: if we cut out localhost-to-localhost SMTP handovers,
1281 # we will give FPs on SPF checks -- since the SMTP "MAIL FROM" addr
1282 # will be recorded, but we won't have the relays handover recorded
1283 # for that SMTP transaction, so we wind up checking the wrong IP
1284 # for the addr.
1285 if (0) {
1286 if ($ip eq '127.0.0.1') {
1287 dbg("received-header: ignoring localhost handover");
1288 return 0; # ignore localhost handovers
1289 }
1290 }
1291
1292104112.6ms10413.45ms if ($rdns =~ /^unknown$/i) {
# spent 3.45ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 3µs/call
1293513µs $rdns = ''; # some MTAs seem to do this
1294 }
1295
1296104118.6ms10413.45ms $ip =~ s/^ipv6://i; # remove "IPv6:" prefix
# spent 3.45ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
1297208226.3ms20824.63ms $ip =~ s/^\[//; $ip =~ s/\]\z//;
# spent 4.63ms making 2082 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
1298
1299 # IPv6 Scoped Address (RFC 4007, RFC 6874, RFC 3986 "unreserved" charset)
130010419.58ms10412.35ms $ip =~ s/%[A-Z0-9._~-]*\z//si; # scoped address? remove <zone_id>
# spent 2.35ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
1301
1302 # remove "::ffff:" prefix from IPv4-mapped-in-IPv6 addresses,
1303 # so we can treat them simply as IPv4 addresses
1304 # (only handles 'alternative form', not 'preferred form' - to be improved)
1305104118.3ms10413.79ms $ip =~ s/^0*:0*:(?:0*:)*ffff:(\d+\.\d+\.\d+\.\d+)$/$1/i;
# spent 3.79ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 4µs/call
1306
1307208253.0ms208216.8ms $envfrom =~ s/^\s*<*//gs; $envfrom =~ s/>*\s*$//gs;
# spent 16.8ms making 2082 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 8µs/call
1308104111.4ms10414.15ms $by =~ s/\;$//;
# spent 4.15ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 4µs/call
1309
1310 # ensure invalid chars are stripped. Replace with '!' to flag their
1311 # presence, though. NOTE: this means "[1.2.3.4]" IP addr HELO
1312 # strings, which are legit by RFC-2821, look like "!1.2.3.4!".
1313 # still useful though.
1314104121.2ms10416.50ms $ip =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 6.50ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 6µs/call
1315104110.5ms10413.51ms $rdns =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 3.51ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 3µs/call
1316104111.7ms10414.62ms $helo =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 4.62ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 4µs/call
1317104118.8ms10414.66ms $by =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 4.66ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 4µs/call
131810419.08ms10411.82ms $ident =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 1.82ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
131910419.36ms10412.03ms $envfrom =~ s/[\s\000\#\[\]\(\)\<\>\|]/!/gs;
# spent 2.03ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:subst, avg 2µs/call
1320
1321104122.3ms my $relay = {
1322 ip => $ip,
1323 by => $by,
1324 helo => $helo,
1325 id => $id,
1326 ident => $ident,
1327 envfrom => $envfrom,
1328 lc_by => (lc $by),
1329 lc_helo => (lc $helo),
1330 auth => $auth
1331 };
1332
133310413.22ms if ($rdns eq '') {
13344271.72ms if ($mta_looked_up_dns) {
1335 # we know the MTA always does lookups, so this means the host
1336 # really has no rDNS (rather than that the MTA didn't bother
1337 # looking it up for us).
13383831.67ms $relay->{no_reverse_dns} = 1;
1339383900µs $rdns = '';
1340 } else {
134144176µs $relay->{rdns_not_in_headers} = 1;
1342 }
1343 }
1344
134510417.05ms $relay->{rdns} = $rdns;
134610415.23ms $relay->{lc_rdns} = lc $rdns;
1347
134810419.32ms104162.6ms $self->make_relay_as_string($relay);
# spent 62.6ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::make_relay_as_string, avg 60µs/call
1349
1350104126.2ms208212.7ms my $is_private = ($ip =~ /${IP_PRIVATE}/o);
# spent 10.8ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:match, avg 10µs/call # spent 1.89ms making 1041 calls to Mail::SpamAssassin::Message::Metadata::CORE:regcomp, avg 2µs/call
135110415.59ms $relay->{ip_private} = $is_private;
1352
1353 # add it to an internal array so Eval tests can use it
1354104122.6ms return $relay;
1355}
1356
1357
# spent 62.6ms (49.1+13.5) within Mail::SpamAssassin::Message::Metadata::make_relay_as_string which was called 1041 times, avg 60µs/call: # 1041 times (49.1ms+13.5ms) by Mail::SpamAssassin::Message::Metadata::parse_received_line at line 1348, avg 60µs/call
sub make_relay_as_string {
135810412.51ms my ($self, $relay) = @_;
1359
1360 # as-string rep. use spaces so things like Bayes can tokenize them easily.
1361 # NOTE: when tokenizing or matching, be sure to note that new
1362 # entries may be added to this string later. However, the *order*
1363 # of entries must be preserved, so that regexps that assume that
1364 # e.g. "ip" comes before "helo" will still work.
1365 #
1366104118.8ms my $asstr = "[ ip=$relay->{ip} rdns=$relay->{rdns} helo=$relay->{helo} by=$relay->{by} ident=$relay->{ident} envfrom=$relay->{envfrom} intl=0 id=$relay->{id} auth=$relay->{auth} msa=0 ]";
1367104114.6ms104113.5ms dbg("received-header: parsed as $asstr");
# spent 13.5ms making 1041 calls to Mail::SpamAssassin::Logger::dbg, avg 13µs/call
1368104112.7ms $relay->{as_string} = $asstr;
1369}
1370
1371# restart the parse if we find a fetchmail marker or similar.
1372# spamcop does this, and it's a great idea ;)
1373sub found_pop_fetcher_sig {
1374 my ($self) = @_;
1375 if ($self->{allow_fetchmail_markers}) {
1376 dbg("received-header: found fetchmail marker, restarting parse");
1377 $self->{relays_trusted} = [ ];
1378 $self->{relays_internal} = [ ];
1379 $self->{relays_external} = [ ];
1380 } else {
1381 dbg("received-header: found fetchmail marker outside trusted area, ignored");
1382 }
1383}
1384
1385# ---------------------------------------------------------------------------
1386
138718µs1;
Report produced by the NYTProf 6.04 Perl profiler, developed by Tim Bunce based on work by Adam Kaplan and Salvador Fandiño García.