私は、受信トレイに届く驚くほどプロフェッショナルな詐欺にうんざりしています。
発信元のIPを検索して、実際の送信者が誰であるかを示すAutomatorアクションを作成したかったのです。
通常、疑わしい場合は次のようにします。
1-メールのヘッダー全体を表示(すべてのヘッダーを使用)
使用した2-見つけ、発信IPアドレスを見上げている人
3-実際のIPロケーションと所有者に基づいて何をすべきかを決定します。
-このIPはイタリアで生まれたものですか?したがって、AMEXはイタリアのサーバーを使用してこのようなメールを送信しないと言っても安全です。
メールのステップ1と2(および2.1)を自動化する方法については、いくつかのヘルプを使用できます。
サンプルは次のとおりです。Eメール
ヘッダー
htmlファイルのコンテンツのサンプル
私はこれが見つけ、ヘッダー:私はMail.appの検索を受信することはできますか?これは進行中ですが、質問には答えません。
PS:私はそれを削除して人生を続けることができることを知っていますが、罪のない人々を助けて、彼らのサーバーがハッキングされ、犯罪者に使用されていることを通知するのを逃します。ダウン。かつては、ロシアの旅行会社のサーバー上のWells FagoのWebサイトでした。別の時間は、アイスランドのレストランサーバー上のVisa Webサイトでした。そして今、これ。
UPDATE..UPDATE ... UPDATE ...
これは私が望むものに近いものでしたが、微調整が必要だと思いました。残念ながら、それは私のスクリプト能力をはるかに超えているので、どんな助けも歓迎します:
modified May 27, 2003 by M. Kluskens
? parse out all Received headers (important if mail passes through several trusted email servers)
? parse out the IP address from Eudora Internet mail Server headers (EIMS)
? added trusted IP address list
*)
on perform_mail_action(info)
(* Prompt levels: 0=no dialog boxes, 1=show dialog boxes when Spam is found, 2=show all dialog boxes, 3 =debug/verbose *)
set ShowPrompts to 0
-- list of trusted IP addresses not to look up
set TrustedIPlist to {"127.0.0.1", "203.97.196.98", "219.88.68.80"}
set BlackListsToCheck to {"bl.spamcop.net", "relays.osirusoft.com", "relays.ordb.org", "blackholes.wirehub.net", "list.dsbl.org", "dynablock.wirehub.net", "dialups.visi.com"}
(* Perform a nslookup against various RBL blacklists as DNS queries by executing the following: *)
(* nslookup IP4.IP3.IP2.IP1.[blacklist], a result of 127.0.0.2 is ususlly indicative of a positive match *)
(* Some Blacklists: bl.spamcop.net, relays.ordb.org, orbs.dorkslayers.com, dev.null.dk, relays.visi.com
relays.osirusoft.com (a.k.a. SPEWS uses 127.0.0.4 as a positive match) *)
tell application "Mail"
(* Process messages in the IN Box *)
set NewMail to |SelectedMessages| of info
repeat with CurrentMessage in NewMail
set RawSource to source of CurrentMessage
-- separate out different headers to check more than just the first [] pair
set HeaderName to "Start" as string
set ResolvedIP to "Cleared" as string
set loopCount to 1
-- checking complete when Subject, Date, From, or To header encountered
repeat until (HeaderName = "Subject:" or HeaderName = "Date:" or HeaderName = "From:" or HeaderName = "To:")
set Header to paragraph loopCount of RawSource
set Headerstart to the (offset of ":" in Header)
if (Headerstart > 0) then
set HeaderName to (characters 1 thru Headerstart of Header) as string
-- append the rest of the header text to the header (plus any uninteresting headers)
repeat
set Header2 to paragraph (loopCount + 1) of RawSource
set HeaderStart2 to the (offset of ":" in Header2)
if (HeaderStart2 ? 0) then
set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
if (HeaderName2 = "Received:" or HeaderName2 = "Subject:" or HeaderName2 = "Date:" or HeaderName2 = "From:" or HeaderName2 = "To:") then exit repeat
end if
set loopCount to loopCount + 1
set Header to (Header & Header2)
end repeat
if (HeaderName = "Received:") then
(* Locate the Originating IP Address in the raw E-Mail header *)
-- Sendmail and others
set start to the (offset of "[" in Header) + 1
set finish to the (offset of "]" in Header) - 1
-- Eudora Internet Mail Server
if (start = 1 or finish = -1) then
set start to the (offset of "(" in Header) + 1
set finish to the (offset of ")" in Header) - 1
end if
if (start < finish) then
set IPAddress to (characters start thru finish of Header) as string
if (ShowPrompts > 2) then
display dialog " Relay's IP " & IPAddress
end if
if (IPAddress is not in TrustedIPlist) then
(* Parse the IPAddress text into its IP1.IP2.IP3.IP4 fields, starting from the end IP4 to IP1 *)
copy text (((length of IPAddress) + 2) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP4
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP3
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP2
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IP1
repeat with BlackList in BlackListsToCheck
set LookUpResult to do shell script ("nslookup " & IP4 & IP3 & IP2 & "." & IP1 & "." & BlackList)
(* Parse the tail end of the last line looking for a match *)
set resultoffset to (((length of LookUpResult) + 1) - (offset of ":" in (((reverse of characters of LookUpResult)) as string)))
copy text (resultoffset + 3) thru (resultoffset + 10) of LookUpResult to ResolvedIP
if ResolvedIP = "127.0.0." then
set ResolvedIP to "SPAM!!!" as string
else
set ResolvedIP to "Cleared" as string
end if
if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat
end if -- ( IPAddress is not is TrustedIPlist)
end if -- ( start < finish )
end if -- ( Headername = "Received:" )
end if -- ( Headerstart > 0 )
set loopCount to loopCount + 1
if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat -- until
(* If it was listed in the RBL Move message to Junk folder and mark as Junk mail *)
if (ResolvedIP = "SPAM!!!") then
if (ShowPrompts > 0) then
display dialog "Found SPAM listed on " & BlackList & "
Move Message to Junk Mail" & "
From: " & (sender of CurrentMessage) & "
Subject: " & (subject of CurrentMessage)
end if
set is junk mail of CurrentMessage to true
-- change this line to match your junk/spam mailbox
set mailbox of CurrentMessage to mailbox "Junk"
else
if (ShowPrompts > 1) then
display dialog ResolvedIP & " Sender's IP " & IP1 & IP2 & IP3 & "." & IP4 & "
From: " & (sender of CurrentMessage) & "
Subject: " & (subject of CurrentMessage)
end if
end if
end repeat
end tell
end perform_mail_action
[/code]