Mail.app Automator / Script action for suspicious emails


1

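I'm tired of the surprisingly professional-looking SCAMS that reach my inbox.

I would like to create an Automator action that tells me who the real sender is by looking up the IP it came from.

Usually, if I am suspicious, I will:

1 - Show the full headers of the email (using All Headers)

2 - Find the originating IP address and look it up using Whois

3 - Decide what to do based on the actual IP location and owner.

- This IP is from Italy? So it is safe to say that AMEX would not use a server in Italy to send me this kind of email.

I could use some help with how to automate steps 1 and 2 (and 2.1) in Mail.

Here is the sample email: the scam email

Header: the email header

Example of the html file content: html content

I found this: Can I make Mail.app search Received: headers? It goes part of the way, but it does not answer this question.

PS: I know I could just delete it and get on with life, but I would miss helping innocent people by telling them that their server has been hacked and is being used by criminals, which I have successfully done a few times, helping to shut them down. Once it was a Wells Fargo site on a Russian travel agency's server. Another time it was a Visa site on an Icelandic restaurant's server. And now this one.

UPDATE.. UPDATE... UPDATE...

I found this, which is close to what I want but needs some adjustment. Unfortunately, it is beyond my scripting ability, so any help is appreciated: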

(*
modified May 27, 2003 by M. Kluskens

• parse out all Received headers (important if mail passes through several trusted email servers)
• parse out the IP address from Eudora Internet mail Server headers (EIMS)
• added trusted IP address list
*)

on perform_mail_action(info)

    (* Prompt levels: 0=no dialog boxes, 1=show dialog boxes when Spam is found, 2=show all dialog boxes, 3 =debug/verbose *)
    set ShowPrompts to 0

    -- list of trusted IP addresses not to look up
    set TrustedIPlist to {"127.0.0.1", "203.97.196.98", "219.88.68.80"}

    -- these zone names date from 2003; check that each list is still operated before relying on its answers
    set BlackListsToCheck to {"bl.spamcop.net", "relays.osirusoft.com", "relays.ordb.org", "blackholes.wirehub.net", "list.dsbl.org", "dynablock.wirehub.net", "dialups.visi.com"}

    (* Perform a nslookup against various RBL blacklists as DNS queries by executing the following: *)
    (* nslookup IP4.IP3.IP2.IP1.[blacklist], a result of 127.0.0.2 is usually indicative of a positive match *)
    (* Some Blacklists: bl.spamcop.net, relays.ordb.org, orbs.dorkslayers.com, dev.null.dk, relays.visi.com
    relays.osirusoft.com (a.k.a. SPEWS uses 127.0.0.4 as a positive match) *)

    tell application "Mail"
        (* Process messages in the IN Box *)

        set NewMail to |SelectedMessages| of info
        repeat with CurrentMessage in NewMail
            set RawSource to source of CurrentMessage
            -- separate out different headers to check more than just the first [] pair
            set HeaderName to "Start" as string
            set ResolvedIP to "Cleared" as string
            set loopCount to 1
            -- checking complete when Subject, Date, From, or To header encountered
            repeat until (HeaderName = "Subject:" or HeaderName = "Date:" or HeaderName = "From:" or HeaderName = "To:")
                set Header to paragraph loopCount of RawSource
                set Headerstart to the (offset of ":" in Header)
                if (Headerstart > 0) then
                    set HeaderName to (characters 1 thru Headerstart of Header) as string
                    -- append the rest of the header text to the header (plus any uninteresting headers)
                    repeat
                        set Header2 to paragraph (loopCount + 1) of RawSource
                        set HeaderStart2 to the (offset of ":" in Header2)
                        if (HeaderStart2 ≠ 0) then
                            set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
                            if (HeaderName2 = "Received:" or HeaderName2 = "Subject:" or HeaderName2 = "Date:" or HeaderName2 = "From:" or HeaderName2 = "To:") then exit repeat
                        end if
                        set loopCount to loopCount + 1
                        set Header to (Header & Header2)
                    end repeat

                    if (HeaderName = "Received:") then
                        (* Locate the Originating IP Address in the raw E-Mail header *)
                        -- Sendmail and others
                        set start to the (offset of "[" in Header) + 1
                        set finish to the (offset of "]" in Header) - 1
                        -- Eudora Internet Mail Server
                        if (start = 1 or finish = -1) then
                            set start to the (offset of "(" in Header) + 1
                            set finish to the (offset of ")" in Header) - 1
                        end if

                        if (start < finish) then

                            set IPAddress to (characters start thru finish of Header) as string
                            if (ShowPrompts > 2) then
                                display dialog " Relay's IP " & IPAddress
                            end if

                            if (IPAddress is not in TrustedIPlist) then
                                (* Parse the IPAddress text into its IP1.IP2.IP3.IP4 fields, starting from the end IP4 to IP1 *)
                                copy text (((length of IPAddress) + 2) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP4
                                copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress

                                copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP3
                                copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress

                                copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP2
                                copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IP1

                                repeat with BlackList in BlackListsToCheck
                                    -- the address text comes from the message header, so pass it through quoted form of; it is then never interpreted by the shell
                                    set LookUpResult to do shell script ("nslookup " & quoted form of (IP4 & IP3 & IP2 & "." & IP1 & "." & BlackList))

                                    (* Parse the tail end of the last line looking for a match *)

                                    set resultoffset to (((length of LookUpResult) + 1) - (offset of ":" in (((reverse of characters of LookUpResult)) as string)))
                                    copy text (resultoffset + 3) thru (resultoffset + 10) of LookUpResult to ResolvedIP

                                    if ResolvedIP = "127.0.0." then
                                        set ResolvedIP to "SPAM!!!" as string
                                    else
                                        set ResolvedIP to "Cleared" as string
                                    end if

                                    if (ResolvedIP = "SPAM!!!") then exit repeat
                                end repeat
                            end if -- ( IPAddress is not in TrustedIPlist )
                        end if -- ( start < finish )
                    end if -- ( HeaderName = "Received:" )
                end if -- ( Headerstart > 0 )
                set loopCount to loopCount + 1
                if (ResolvedIP = "SPAM!!!") then exit repeat
            end repeat -- until

            (* If it was listed in the RBL Move message to Junk folder and mark as Junk mail *)
            if (ResolvedIP = "SPAM!!!") then
                if (ShowPrompts > 0) then
                    display dialog "Found SPAM listed on " & BlackList & "
Move Message to Junk Mail" & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
                end if

                set is junk mail of CurrentMessage to true
                -- change this line to match your junk/spam mailbox
                set mailbox of CurrentMessage to mailbox "Junk"

            else
                if (ShowPrompts > 1) then
                    display dialog ResolvedIP & " Sender's IP " & IP1 & IP2 & IP3 & "." & IP4 & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
                end if
            end if

        end repeat
    end tell
end perform_mail_action

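I have upvoted your question because you are willing to help innocent people. And I would like to know the answer too. - The header shows Hotmail.com <- AMEX would not use that, NOR use an html form like this :)
Rob

The hard part is whether or not to open the html attachment, because it might contain an automatic action that would harm me. In the end, I figured out to use Quick Look, which does not open the file on my computer. But knowing where the IP comes from is usually enough for me.
Buscar웃

1
Open it with NotePad++ or something similar, and it will not be able to run.
Rob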

Answers:


1

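It seems Automator by itself does not have enough vocabulary to perform this task, but with a little AppleScript it can be done.

If you upgrade to Mavericks, you can use libraries to add ICU regular expressions to your scripts, but awk, sed, and Perl give you plenty of parsing power.

I use FastScripts or Keyboard Maestro to run AppleScripts on my system, but an Automator service should work as well.

Note that this script is not a complete answer to your question, but it provides most of the tools needed to solve it.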

-ccs

try

    set lookUpAgent to "http://www.lookip.net/whois/"

    tell application "Mail"
        set selMsgList to selection
        if selMsgList ≠ {} then
            set selMsg to item 1 of selMsgList
            tell selMsg
                set headerText to all headers
            end tell
        else
            error "No messages were selected!"
        end if
    end tell

    # Parse the header-text to your heart's content.
    # A simple example:
    set parsedText to do shell script "egrep -i ^received: <<< " & quoted form of headerText

    # Let's say the IP address you parse out is:
    set ipAdrs to "17.172.224.47"

    set lookUpUrl to lookUpAgent & ipAdrs

    tell application "Safari"
        activate
        make new document with properties {URL:lookUpUrl}
    end tell

on error e number n
    set e to e & return & return & "Num: " & n
    tell me to set dDlg to display dialog e with title ¬
        "ERROR!" buttons {"Cancel", "Copy", "OK"} default button "OK"
    if button returned of dDlg = "Copy" then set the clipboard to e
end try
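
The answer's script leaves the parsing step open and hard-codes an address. As an added example (not part of the original answer), here is one way to do that step in the shell that `do shell script` runs, using awk as the answer suggests; the function names and the sample headers are constructed for illustration.

```shell
# Added example. Headers are attacker-controlled: print only validated IPv4.
received_ips() {   # bracketed IPv4 of each Received: header, newest hop first
    awk '
    function emit(   ip, o, i) {
        if (tolower(hdr) !~ /^received:/) return
        if (!match(hdr, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) return
        ip = substr(hdr, RSTART + 1, RLENGTH - 2)
        split(ip, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) return   # not an octet
        print ip
    }
    /^$/     { exit }                      # blank line ends the header block
    /^[ \t]/ { hdr = hdr " " $0; next }    # folded continuation line
             { emit(); hdr = $0 }
    END      { emit() }'
}

# Succeed only for addresses outside loopback, link-local and RFC 1918 ranges.
is_public() {
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
    esac
}

# Oldest public hop the headers claim. Hops below the first server you trust
# are supplied by the sender and can be forged.
origin_ip() {
    received_ips | while read -r ip; do
        if is_public "$ip"; then echo "$ip"; fi
    done | tail -n 1
}

# Constructed sample headers using documentation address ranges.
sample_headers() {
    cat <<'EOF'
Received: from mx.example.net ([10.0.0.5]) by inbox.example.net
Received: from relay.example.org ([198.51.100.7]) by mx.example.net
Received: from bogus (unknown [300.1.2.3]) by relay.example.org
Received: from sender-pc (host.example.com
    [203.0.113.45]) by relay.example.org; Tue, 1 Jan 2019 10:00:00 +0000
Subject: Account notice

Received: from body-text ([192.0.2.1]) is not a header
EOF
}

sample_headers | origin_ip   # prints 203.0.113.45
```

From AppleScript, the text in `headerText` would be fed to `origin_ip` on standard input, passed with `quoted form of` as the answer's `egrep` line already does, and the result used in place of the hard-coded `ipAdrs`.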
Licensed under cc by-sa 3.0 with attribution required.