Exemple #1
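    def _check_for_forged_hotmail_received_headers(self, msg):
        """Flag mail that claims Hotmail origin without a Hotmail relay trace.

        The result is stored in two attributes on ``self``, both reset to 0
        on entry:

        * ``hotmail_addr_with_forged_hotmail_received`` is set to 1 when the
          Received header names hotmail.com as the sending/HELO host but
          none of the exemptions below applied.
        * ``hotmail_addr_but_no_hotmail_received`` is set to 1 when the From
          header ends in hotmail.com and the Received header does not
          mention hotmail.com at all.

        Args:
            msg: Message wrapper; its ``msg`` attribute is queried with
                ``.get(header_name)``.

        Returns:
            ``False`` when an exemption applies or the message does not
            claim a Hotmail sender; ``None`` after one of the flags was set.
        """
        self.hotmail_addr_but_no_hotmail_received = 0
        self.hotmail_addr_with_forged_hotmail_received = 0
        # A message without any Received header yields None here, which used
        # to abort the check with a TypeError inside re.search(). Treat it
        # as an empty trace so the From-based branch below is still reached.
        # NOTE(review): if msg.msg is an email.message.Message, .get() only
        # returns the first Received header - confirm that is intended.
        rcvd = msg.msg.get("Received") or ""
        if re.search(r"from mail pickup service by hotmail"
                     r"\.com with Microsoft SMTPSVC;", rcvd):
            return False
        if self.check_for_msn_groups_headers(msg):
            return False
        # NOTE(review): the exemptions in this method read headers that
        # arrive with the message. If this Received value can be a line
        # written before the message reached a trusted relay, a match here
        # proves little - confirm which Received line is being inspected.
        ip_header = msg.msg.get("X-ORIGINATING-IP")
        if ip_header and IP_ADDRESS.search(ip_header):
            # Relay formats accepted as genuine. Every literal dot is
            # escaped so "hotmail.com" and "66.218." cannot match an
            # arbitrary character in that position. re.X is kept from the
            # original, so unescaped whitespace inside the pattern is
            # ignored.
            # NOTE(review): re.X also applies to IP_ADDRESS.pattern once it
            # is interpolated - confirm it contains no literal whitespace
            # or '#'.
            genuine_relay = Regex(
                r"from\s+(?:\S*\.)?hotmail\.com\s+\(\S+\.hotmail("
                r"?:\.msn)?\.com[\)]|"
                r"from\s+\S*\.hotmail\.com\s+\(\[{IP_ADDRESS}\]|"
                r"from\s+\S+\s+by\s+\S+\.hotmail(?:\.msn)?\.com\s+with\s+ "
                r"HTTP\;|"
                r"from\s+\[66\.218\.\S+\]\s+by\s+\S+\.yahoo\.com"
                r"".format(IP_ADDRESS=IP_ADDRESS.pattern), re.I | re.X)
            if genuine_relay.search(rcvd):
                return False
        if self.gated_through_received_hdr_remover(msg):
            return False

        if re.search(r"(?:from |HELO |helo=)\S*hotmail\.com\b", rcvd):
            # The relay trace names hotmail.com, yet no exemption matched.
            self.hotmail_addr_with_forged_hotmail_received = 1
        else:
            from_address = msg.msg.get("From") or ""
            # Domain names compare case-insensitively, so a From ending in
            # "@HOTMAIL.COM" must not slip past this rule.
            # NOTE(review): the "$" anchor assumes the value ends with the
            # bare address; a raw header ending in ">" would never match -
            # confirm what msg.msg.get("From") returns.
            if not re.search(r"\bhotmail\.com$", from_address, re.I):
                return False
            self.hotmail_addr_but_no_hotmail_received = 1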
Exemple #2
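 def check_for_forged_eudoramail_received_headers(self, msg, target=None):
     """Check if the email has a forged eudoramail Received header.

     Args:
         msg: Message object providing ``get_all_addr_header`` and
             ``get_decoded_header``.
         target: Unused here; kept for the existing call signature.

     Returns:
         ``True`` when the From address is at eudoramail.com and neither
         exemption applies; ``False`` otherwise.
     """
     from_addr = ''.join(msg.get_all_addr_header("From"))
     # Domain names compare case-insensitively; without lower() a From at
     # "EudoraMail.COM" skipped the rule entirely.
     if from_addr.rsplit("@", 1)[-1].lower() != "eudoramail.com":
         return False
     rcvd = ''.join(msg.get_decoded_header("Received"))
     sender_ip = ''.join(msg.get_decoded_header("X-Sender-Ip"))
     has_sender_ip = bool(sender_ip and IP_ADDRESS.search(sender_ip))
     if self.gated_through_received_hdr_remover(msg):
         return False
     # A whowhere.com relay line plus a sender IP is accepted as genuine.
     # The dot is escaped so only the literal host name "whowhere.com"
     # matches.
     # NOTE(review): both values come from headers carried with the
     # message; confirm they are taken from lines added by trusted relays.
     if has_sender_ip and Regex(r"by \S*whowhere\.com;").search(rcvd):
         return False
     return True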