-
-
Save ychaouche/41367059be65da84f1b627ee17c3fa66 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I received a spam today at 09:55 | |
I had to run two different awk scripts to get : | |
- one to get sender info (e-mail + sender's server) | |
- one to get detailed spam score per rule | |
Both are written in AWK. | |
I'd like to run a single script that would do both operations. | |
A shell script that calls both awk scripts would read the file two times. | |
I'm thinking of a solution that scans the file a single time. | |
Is it possible while having two separate awk files? | |
first script : | |
#!/usr/bin/gawk -f | |
# extract sender's e-mail, IP and original domain of the sending host, if any. | |
/^From:/ {from=$0} | |
/Received:/ {recvd=$0} | |
END { | |
print from "\n" recvd | |
} | |
second script | |
#!/usr/bin/gawk -f | |
/tests/ { | |
tests=1; | |
sub(/tests=\[/,""); | |
} | |
/Received:/ {tests=0} | |
{ | |
if (tests) { | |
# each test in its own line | |
gsub(/, /,"\n"); | |
# remove preceding spaces and tabs | |
gsub(/[ \t]/,""); | |
# # remove autolearn=disabled after last rule. | |
gsub(/\].+/,""); | |
# print modified line | |
lines = lines $0 "\n" | |
} | |
} | |
END { | |
print lines; | |
} | |
Here's what I tried : | |
$ tee >(mail.headers.sender.info) | mail.headers.spam.rules.pretty | |
[start paste] | |
Return-Path: <info2@krodaer.bar> | |
Delivered-To: <a.chaouche@algerian-radio.dz> | |
Received: from messagerie.algerian-radio.dz | |
by messagerie.algerian-radio.dz (Dovecot) with LMTP id SFqoOvsMUWNf7gAArJM0yg | |
for <a.chaouche@algerian-radio.dz>; Thu, 20 Oct 2022 09:55:45 +0100 | |
Received: from localhost (localhost [127.0.0.1]) | |
by messagerie.algerian-radio.dz (Postfix) with ESMTP id BA3E23A8009F | |
for <a.chaouche@algerian-radio.dz>; Thu, 20 Oct 2022 09:55:45 +0100 (CET) | |
X-Virus-Scanned: Debian amavisd-new at messagerie.algerian-radio.dz | |
X-Spam-Flag: NO | |
X-Spam-Score: 3.698 | |
X-Spam-Level: *** | |
X-Spam-Status: No, score=3.698 tagged_above=-999 required=5 | |
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, | |
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, | |
SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URI_PHISH=3.696] | |
autolearn=disabled | |
Received: from messagerie.algerian-radio.dz ([127.0.0.1]) | |
by localhost (messagerie.algerian-radio.dz. [127.0.0.1]) (amavisd-new, port 10024) | |
with ESMTP id yqj7THlbuj7y for <a.chaouche@algerian-radio.dz>; | |
Thu, 20 Oct 2022 09:55:45 +0100 (CET) | |
Received: from mail0.krodaer.bar (mail0.krodaer.bar [137.184.33.43]) | |
by messagerie.algerian-radio.dz (Postfix) with ESMTPS id E5DFF3A80097 | |
for <a.chaouche@algerian-radio.dz>; Thu, 20 Oct 2022 09:55:44 +0100 (CET) | |
Authentication-Results: messagerie.algerian-radio.dz; dkim=pass | |
reason="1024-bit key; unprotected key" | |
header.d=krodaer.bar header.i=info2@krodaer.bar header.b=iYVKw8pZ; | |
dkim-adsp=pass; dkim-atps=neutral | |
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=krodaer.bar; | |
h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type: | |
Content-Transfer-Encoding; i=info2@krodaer.bar; | |
bh=5cwpj0W1P6lQ1Y3J8/8IUq62NY1T2EF4V17aPnVkk+o=; | |
b=iYVKw8pZXDuKwCEHRcZQSk0Pq8geeBYrIjFmJNIFX/8Nr/ObvIPLluUnHB3YLXFC8O1VyhxN+4Rh | |
GAcghKY2mDy8uClhpWVuXK279GW7sB98JwQhm1ZWH7CEVeKwYu/LiQevcJ28WuPAU3xQ/gv43vbO | |
xoF30mTtohkOvGu0mZs= | |
From: algerian-radio.dz Cpanel<info2@krodaer.bar> | |
To: a.chaouche@algerian-radio.dz | |
Subject: Verify Your a.chaouche@algerian-radio.dz To Recover (9) Pending Emails` | |
Date: 20 Oct 2022 01:55:42 -0700 | |
Message-ID: <20221020015542.55AFC8B0048AA646@krodaer.bar> | |
MIME-Version: 1.0 | |
Content-Type: text/html | |
Content-Transfer-Encoding: quoted-printable | |
[end paste] | |
DKIM_SIGNED=0.1 | |
DKIM_VALID=-0.1 | |
DKIM_VALID_AU=-0.1, | |
HTML_MESSAGE=0.001 | |
MIME_HTML_ONLY=0.1 | |
SPF_HELO_NONE=0.001, | |
SPF_PASS=-0.001 | |
URIBL_BLOCKED=0.001 | |
URI_PHISH=3.696] | |
autolearn=disabled | |
[Missing output from first script] | |
[mail.headers.sender.info] | |
14:39:02 ~ -2- $ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment