#!/usr/bin/perl use strict; use MIME::Parser; use Mail::Address; # 7-11 Slurpie Mode Activated. $/ = undef; my $STDIN = <>; # Brain Freeze Mode Activated. $/="\n"; my $parser = new MIME::Parser; # don't use any disk space $parser->tmp_to_core(1); $parser->output_to_core(1); # parse the entity my $entity = $parser->parse_data($STDIN) or print $STDIN and exit(1); my $header = $entity->head; # fetch headers my $header_hashref = $header->header_hashref(); # addresses we believe this message was sent to my @apparently_to; # get To: lines my @addrs = Mail::Address->parse($header->get('To')); # get Received: lines foreach my $received_line ($header->get('Received')) { chomp $received_line; my ($apparently_to) = ($received_line =~ m/ for (\S+\@\S+); /); push @addrs,Mail::Address->parse($apparently_to); } # add the foreach my $addr (@addrs) { push @apparently_to,$addr->[1] unless (scalar grep { m/$addr->[1]/ } @apparently_to); } foreach my $addr (@apparently_to) { # most common is rotate 3, and rotate 13. chomp $addr; $addr =~ s/[^A-Za-z0-9]/./g; my ($addr_3,$addr_13,$addr_hex) = ($addr,$addr,$addr); $addr_3 =~ s/([A-Za-z0-9])/chr((ord($1)+3)%255)/ge; $addr_13 =~ y/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM/; $addr_hex =~ s/([A-Za-z0-9])/sprintf("%x",ord($1))/eg; $addr_hex =~ s/\./../g; # check headers while (my ($header_type,$val_ref) = each %$header_hashref) { my $value; if ( grep { m/$addr_3|$addr_13|$addr_hex/ and ($value = $_ )} @$val_ref) { $header->add('X-ASCII-ROT-Spam','YES'); $header->add('X-ASCII-ROT-Spam-Status',"YES, found $addr in header $header_type"); print $header->as_string; print "\n"; $entity->print_body; exit 0; } } # now checking body if ($STDIN =~ m/\Q$addr_13\E|\Q$addr_3\E|\Q$addr_hex\E/) { $header->add('X-ASCII-ROT-Spam','YES'); $header->add('X-ASCII-ROT-Spam-Status',"YES, found $addr in body"); print $header->as_string; print "\n"; $entity->print_body; exit 0; } } # we never get here if we are spam. $entity->print;