Me estoy hartando de las estafas de aspecto sorprendentemente profesional que llegan a mi bandeja de entrada.
Quería crear una acción de Automator que me dijera quién es el remitente real al buscar la IP de la que proviene.
Normalmente, si tengo sospechas, yo:
1-Mostrar el encabezado completo del correo electrónico (usando todos los encabezados)
2-Buscar y buscar la dirección IP de origen utilizando quién es
3- Decida en función de la ubicación de IP real y del propietario qué hacer.
--Esta IP se origina en Italia? Así que es seguro decir que AMEX no usaría un servidor en Italia para enviarme ese correo electrónico.
Puedo usar ayuda para automatizar los pasos 1 y 2 (y el 2.1) en el correo.
Aquí están las muestras; El correo electrónico
Elencabezado
La muestra del contenido del archivo html
Encontréesto
PS: Sé que podría simplemente borrarlo y seguir con mi vida, pero: Extrañaría ayudar a personas inocentes, informándoles que su servidor fue pirateado y utilizado por los delincuentes, como ya lo hice con éxito varias veces, ayudando a cerrarlas. Una vez fue un sitio web de Wells Fago en un servidor de un operador de viajes en Rusia. Otra vez fue un sitio web de Visa en un servidor de restaurante en Islandia. Y ahora este.
UPDATE..UPDATE...UPDATE...
Encontré esto que se acerca a lo que quiero, pero necesitaría algunos ajustes. Desafortunadamente, está mucho más allá de mi capacidad de creación de scripts, por lo que se agradece cualquier ayuda:
modified May 27, 2003 by M. Kluskens
? parse out all Received headers (important if mail passes through several trusted email servers)
? parse out the IP address from Eudora Internet mail Server headers (EIMS)
? added trusted IP address list
*)
on perform_mail_action(info)
(* Prompt levels: 0=no dialog boxes, 1=show dialog boxes when Spam is found, 2=show all dialog boxes, 3 =debug/verbose *)
set ShowPrompts to 0
-- list of trusted IP addresses not to look up
set TrustedIPlist to {"127.0.0.1", "203.97.196.98", "219.88.68.80"}
set BlackListsToCheck to {"bl.spamcop.net", "relays.osirusoft.com", "relays.ordb.org", "blackholes.wirehub.net", "list.dsbl.org", "dynablock.wirehub.net", "dialups.visi.com"}
(* Perform a nslookup against various RBL blacklists as DNS queries by executing the following: *)
(* nslookup IP4.IP3.IP2.IP1.[blacklist], a result of 127.0.0.2 is ususlly indicative of a positive match *)
(* Some Blacklists: bl.spamcop.net, relays.ordb.org, orbs.dorkslayers.com, dev.null.dk, relays.visi.com
relays.osirusoft.com (a.k.a. SPEWS uses 127.0.0.4 as a positive match) *)
tell application "Mail"
(* Process messages in the IN Box *)
set NewMail to |SelectedMessages| of info
repeat with CurrentMessage in NewMail
set RawSource to source of CurrentMessage
-- separate out different headers to check more than just the first [] pair
set HeaderName to "Start" as string
set ResolvedIP to "Cleared" as string
set loopCount to 1
-- checking complete when Subject, Date, From, or To header encountered
repeat until (HeaderName = "Subject:" or HeaderName = "Date:" or HeaderName = "From:" or HeaderName = "To:")
set Header to paragraph loopCount of RawSource
set Headerstart to the (offset of ":" in Header)
if (Headerstart > 0) then
set HeaderName to (characters 1 thru Headerstart of Header) as string
-- append the rest of the header text to the header (plus any uninteresting headers)
repeat
set Header2 to paragraph (loopCount + 1) of RawSource
set HeaderStart2 to the (offset of ":" in Header2)
if (HeaderStart2 ? 0) then
set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
if (HeaderName2 = "Received:" or HeaderName2 = "Subject:" or HeaderName2 = "Date:" or HeaderName2 = "From:" or HeaderName2 = "To:") then exit repeat
end if
set loopCount to loopCount + 1
set Header to (Header & Header2)
end repeat
if (HeaderName = "Received:") then
(* Locate the Originating IP Address in the raw E-Mail header *)
-- Sendmail and others
set start to the (offset of "[" in Header) + 1
set finish to the (offset of "]" in Header) - 1
-- Eudora Internet Mail Server
if (start = 1 or finish = -1) then
set start to the (offset of "(" in Header) + 1
set finish to the (offset of ")" in Header) - 1
end if
if (start < finish) then
set IPAddress to (characters start thru finish of Header) as string
if (ShowPrompts > 2) then
display dialog " Relay's IP " & IPAddress
end if
if (IPAddress is not in TrustedIPlist) then
(* Parse the IPAddress text into its IP1.IP2.IP3.IP4 fields, starting from the end IP4 to IP1 *)
copy text (((length of IPAddress) + 2) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP4
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP3
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress
copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP2
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IP1
repeat with BlackList in BlackListsToCheck
set LookUpResult to do shell script ("nslookup " & IP4 & IP3 & IP2 & "." & IP1 & "." & BlackList)
(* Parse the tail end of the last line looking for a match *)
set resultoffset to (((length of LookUpResult) + 1) - (offset of ":" in (((reverse of characters of LookUpResult)) as string)))
copy text (resultoffset + 3) thru (resultoffset + 10) of LookUpResult to ResolvedIP
if ResolvedIP = "127.0.0." then
set ResolvedIP to "SPAM!!!" as string
else
set ResolvedIP to "Cleared" as string
end if
if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat
end if -- ( IPAddress is not is TrustedIPlist)
end if -- ( start < finish )
end if -- ( Headername = "Received:" )
end if -- ( Headerstart > 0 )
set loopCount to loopCount + 1
if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat -- until
(* If it was listed in the RBL Move message to Junk folder and mark as Junk mail *)
if (ResolvedIP = "SPAM!!!") then
if (ShowPrompts > 0) then
display dialog "Found SPAM listed on " & BlackList & "
Move Message to Junk Mail" & "
From: " & (sender of CurrentMessage) & "
Subject: " & (subject of CurrentMessage)
end if
set is junk mail of CurrentMessage to true
-- change this line to match your junk/spam mailbox
set mailbox of CurrentMessage to mailbox "Junk"
else
if (ShowPrompts > 1) then
display dialog ResolvedIP & " Sender's IP " & IP1 & IP2 & IP3 & "." & IP4 & "
From: " & (sender of CurrentMessage) & "
Subject: " & (subject of CurrentMessage)
end if
end if
end repeat
end tell
end perform_mail_action
[/code]