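def _check_for_forged_hotmail_received_headers(self, msg):
    """Set the two Hotmail forgery flags on ``self`` for ``msg``.

    Both flags are reset to 0 first. Afterwards:

    * ``hotmail_addr_with_forged_hotmail_received`` is 1 when the Received
      text names hotmail.com as the ``from``/``HELO`` host without matching
      one of the genuine relay formats below.
    * ``hotmail_addr_but_no_hotmail_received`` is 1 when the From address
      ends in hotmail.com and the Received text does not mention hotmail.com
      as the sending host at all.

    Returns ``False`` on every early exit and ``None`` after a flag was set;
    the result is carried by the two attributes.
    """
    from email.utils import parseaddr

    self.hotmail_addr_but_no_hotmail_received = 0
    self.hotmail_addr_with_forged_hotmail_received = 0

    # A message with no Received header yields None; fall back to "" so the
    # regex checks below run instead of raising TypeError.
    # NOTE(review): if msg.msg is an email.message.Message, get() returns
    # only the first Received header -- confirm that is what is wanted.
    rcvd = msg.msg.get("Received") or ""

    if re.search(r"from mail pickup service by hotmail"
                 r"\.com with Microsoft SMTPSVC;", rcvd):
        return False
    if self.check_for_msn_groups_headers(msg):
        return False

    ip_header = msg.msg.get("X-ORIGINATING-IP")
    if ip_header and IP_ADDRESS.search(ip_header):
        # These alternatives describe relay lines that are treated as
        # genuine, so a match clears the message. The dots in "hotmail.com"
        # and "66.218." are escaped: an unescaped "." matches any character
        # and would widen what is exempted.
        # Received and X-ORIGINATING-IP are plain header text; nothing here
        # checks which relay wrote them.
        genuine_relay = Regex(
            r"from\s+(?:\S*\.)?hotmail\.com\s+\(\S+\.hotmail("
            r"?:\.msn)?\.com[\)]|"
            r"from\s+\S*\.hotmail\.com\s+\(\[{IP_ADDRESS}\]|"
            r"from\s+\S+\s+by\s+\S+\.hotmail(?:\.msn)?\.com\s+with\s+ "
            r"HTTP\;|"
            r"from\s+\[66\.218\.\S+\]\s+by\s+\S+\.yahoo\.com"
            r"".format(IP_ADDRESS=IP_ADDRESS.pattern), re.I | re.X)
        if genuine_relay.search(rcvd):
            return False

    # NOTE(review): the listing this was taken from had lost its
    # indentation; the two checks below are taken to run whether or not
    # X-ORIGINATING-IP is present -- confirm against the project source.
    if self.gated_through_received_hdr_remover(msg):
        return False

    if re.search(r"(?:from |HELO |helo=)\S*hotmail\.com\b", rcvd):
        self.hotmail_addr_with_forged_hotmail_received = 1
    else:
        raw_from = msg.msg.get("From") or ""
        # Test the parsed address, case-insensitively. The raw header
        # usually ends in ">" ("Name <user@hotmail.com>"), which the
        # "$"-anchored pattern can never match, and domain names are not
        # case-sensitive.
        sender = parseaddr(raw_from)[1]
        if not re.search(r"\bhotmail\.com$", sender, re.I):
            return False
        self.hotmail_addr_but_no_hotmail_received = 1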
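def check_for_forged_eudoramail_received_headers(self, msg, target=None):
    """Check whether a eudoramail.com sender lacks the expected relay trace.

    Returns ``True`` when the From domain is eudoramail.com and the message
    neither went through a Received-header remover nor carries both an
    ``X-Sender-Ip`` address and a ``by ...whowhere.com;`` Received line.
    Returns ``False`` in every other case. ``target`` is accepted but not
    used here.
    """
    from_addr = ''.join(msg.get_all_addr_header("From"))
    # Domain names are case-insensitive, so compare a lower-cased form;
    # otherwise a mixed-case spelling of the domain skips the check.
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if domain != "eudoramail.com":
        return False

    rcvd = ''.join(msg.get_decoded_header("Received"))
    sender_ip = ''.join(msg.get_decoded_header("X-Sender-Ip"))
    has_sender_ip = bool(sender_ip and IP_ADDRESS.search(sender_ip))

    if self.gated_through_received_hdr_remover(msg):
        return False

    # A match clears the message, so the dot in "whowhere.com" is escaped:
    # an unescaped "." would match any character.
    # NOTE(review): the "\S*" prefix still accepts any host name that merely
    # ends in "whowhere.com", and both headers are plain header text that
    # nothing here ties to a trusted relay -- confirm this is acceptable.
    if has_sender_ip and Regex(r"by \S*whowhere\.com\;").search(rcvd):
        return False
    return True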