Tindakan Automator / Sript Mail.app untuk email yang mencurigakan

Saya merasa muak dengan SCAM yang tampak profesional yang tiba di Kotak Masuk saya.

Saya ingin membuat tindakan Automator yang akan memberi tahu saya siapa pengirim sebenarnya dengan mencari IP asalnya.

Biasanya jika saya curiga saya akan:

1-Tampilkan tajuk lengkap email (menggunakan Semua Tajuk)

2-Temukan dan Cari alamat IP Asal dengan menggunakan siapa

3 - Tentukan berdasarkan lokasi IP aktual dan pemilik apa yang harus dilakukan.

- IP ini berasal dari Italia? Jadi aman untuk mengatakan bahwa AMEX tidak akan menggunakan server di Italia untuk mengirim saya email seperti itu.

Saya dapat menggunakan beberapa bantuan bagaimana Mengotomatiskan Langkah 1 dan 2 (dan 2.1) dalam surat.

Berikut ini contohnya; Email email penipuan

Header

header email

Sampel konten file html

konten html

Saya menemukan ini Dapatkah saya membuat pencarian Mail.app Diterima: header? yang ada di sepanjang jalan, tetapi tidak menjawab pertanyaan.

PS: Saya tahu saya bisa menghapusnya dan melanjutkan hidup, tetapi: Saya akan merindukan membantu orang yang tidak bersalah, memberi tahu mereka bahwa server mereka diretas dan digunakan oleh Penjahat, karena saya sudah melakukannya dengan sukses beberapa kali, membantu untuk menutup mereka turun. Dulu itu adalah situs web Wells Fago di server operator perjalanan di Rusia. Lain waktu itu adalah situs web Visa di server restoran di Islandia. Dan sekarang ini.

UPDATE..UPDATE ... UPDATE ...

Saya menemukan ini yang mendekati apa yang saya inginkan, tetapi perlu beberapa penyesuaian. Sayangnya, ini jauh melampaui kemampuan skrip saya sehingga bantuan apa pun dihargai:

modified May 27, 2003 by M. Kluskens

? parse out all Received headers (important if mail passes through several trusted email servers)
? parse out the IP address from Eudora Internet mail Server headers (EIMS)
? added trusted IP address list
*)

on perform_mail_action(info)

(* Prompt levels: 0=no dialog boxes, 1=show dialog boxes when Spam is found, 2=show all dialog boxes, 3 =debug/verbose *)
set ShowPrompts to 0

-- list of trusted IP addresses not to look up
set TrustedIPlist to {"127.0.0.1", "203.97.196.98", "219.88.68.80"}

set BlackListsToCheck to {"bl.spamcop.net", "relays.osirusoft.com", "relays.ordb.org", "blackholes.wirehub.net", "list.dsbl.org", "dynablock.wirehub.net", "dialups.visi.com"}

(* Perform a nslookup against various RBL blacklists as DNS queries by executing the following: *)
(* nslookup IP4.IP3.IP2.IP1.[blacklist], a result of 127.0.0.2 is ususlly indicative of a positive match *)
(* Some Blacklists: bl.spamcop.net, relays.ordb.org, orbs.dorkslayers.com, dev.null.dk, relays.visi.com
relays.osirusoft.com (a.k.a. SPEWS uses 127.0.0.4 as a positive match) *)

tell application "Mail"
(* Process messages in the IN Box *)

set NewMail to |SelectedMessages| of info
repeat with CurrentMessage in NewMail
set RawSource to source of CurrentMessage
-- separate out different headers to check more than just the first [] pair
set HeaderName to "Start" as string
set ResolvedIP to "Cleared" as string
set loopCount to 1
-- checking complete when Subject, Date, From, or To header encountered
repeat until (HeaderName = "Subject:" or HeaderName = "Date:" or HeaderName = "From:" or HeaderName = "To:")
set Header to paragraph loopCount of RawSource
set Headerstart to the (offset of ":" in Header)
if (Headerstart > 0) then
set HeaderName to (characters 1 thru Headerstart of Header) as string
-- append the rest of the header text to the header (plus any uninteresting headers)
repeat
set Header2 to paragraph (loopCount + 1) of RawSource
set HeaderStart2 to the (offset of ":" in Header2)
if (HeaderStart2 ? 0) then
set HeaderName2 to (characters 1 thru HeaderStart2 of Header2) as string
if (HeaderName2 = "Received:" or HeaderName2 = "Subject:" or HeaderName2 = "Date:" or HeaderName2 = "From:" or HeaderName2 = "To:") then exit repeat
end if
set loopCount to loopCount + 1
set Header to (Header & Header2)
end repeat

if (HeaderName = "Received:") then
(* Locate the Originating IP Address in the raw E-Mail header *)
-- Sendmail and others
set start to the (offset of "[" in Header) + 1
set finish to the (offset of "]" in Header) - 1
-- Eudora Internet Mail Server
if (start = 1 or finish = -1) then
set start to the (offset of "(" in Header) + 1
set finish to the (offset of ")" in Header) - 1
end if

if (start < finish) then

set IPAddress to (characters start thru finish of Header) as string
if (ShowPrompts > 2) then
display dialog " Relay's IP " & IPAddress
end if

if (IPAddress is not in TrustedIPlist) then
(* Parse the IPAddress text into its IP1.IP2.IP3.IP4 fields, starting from the end IP4 to IP1 *)
copy text (((length of IPAddress) + 2) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP4
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress

copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP3
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IPAddress

copy text (((length of IPAddress) + 1) - ((offset of "." in (reverse of characters of IPAddress) as string))) thru (length of IPAddress) of IPAddress to IP2
copy text 1 thru ((length of IPAddress) - ((offset of "." in (reverse of characters of IPAddress) as string))) of IPAddress to IP1

repeat with BlackList in BlackListsToCheck
set LookUpResult to do shell script ("nslookup " & IP4 & IP3 & IP2 & "." & IP1 & "." & BlackList)

(* Parse the tail end of the last line looking for a match *)

set resultoffset to (((length of LookUpResult) + 1) - (offset of ":" in (((reverse of characters of LookUpResult)) as string)))
copy text (resultoffset + 3) thru (resultoffset + 10) of LookUpResult to ResolvedIP

if ResolvedIP = "127.0.0." then
set ResolvedIP to "SPAM!!!" as string
else
set ResolvedIP to "Cleared" as string
end if

if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat
end if -- ( IPAddress is not is TrustedIPlist)
end if -- ( start < finish )
end if -- ( Headername = "Received:" )
end if -- ( Headerstart > 0 )
set loopCount to loopCount + 1
if (ResolvedIP = "SPAM!!!") then exit repeat
end repeat -- until

(* If it was listed in the RBL Move message to Junk folder and mark as Junk mail *)
if (ResolvedIP = "SPAM!!!") then
if (ShowPrompts > 0) then
display dialog "Found SPAM listed on " & BlackList & "
Move Message to Junk Mail" & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
end if

set is junk mail of CurrentMessage to true
-- change this line to match your junk/spam mailbox
set mailbox of CurrentMessage to mailbox "Junk"

else
if (ShowPrompts > 1) then
display dialog ResolvedIP & " Sender's IP " & IP1 & IP2 & IP3 & "." & IP4 & "

From: " & (sender of CurrentMessage) & "

Subject: " & (subject of CurrentMessage)
end if
end if

end repeat
end tell
end perform_mail_action
[/code]

mail.app applescript automator Ruskes
sumber

Saya telah memilih pertanyaan Anda karena Anda bersedia membantu orang yang tidak bersalah. Dan saya juga ingin tahu jawabannya. - Header shows Hotmail.com <- AMEX tidak akan menggunakannya atau NOR menggunakan bentuk html seperti itu :)

Rob

Bagian yang sulit adalah membuka atau tidak lampiran html, karena bisa berisi tindakan otomatis yang akan membahayakan saya. Akhirnya, saya menemukan jawabannya untuk menggunakan Tampilan Cepat yang tidak membuka file di komputer saya. Tapi mengetahui dari mana IP berasal biasanya cukup bagi saya.

Ruskes

Buka menggunakan NotePad ++ atau yang serupa, dan itu tidak akan berjalan.

Rob

Tindakan Automator / Sript Mail.app untuk email yang mencurigakan

Jawaban: