Comments (2)
Hi @bm1391,
you asked me two questions.
The first one is about the IP address. Yes, it's possible to get the sender IP from an email; you should know the trust string. SpamScope can get the IP addresses if you set the trust string for every mailbox:
https://github.com/SpamScope/spamscope/blob/develop/conf/spamscope.example.yml#L31
Extract a reliable sender IP address heuristically for each message.
Although the message format dictates a chain of relaying IP
addresses in each message, a malicious relay can easily alter that.
Therefore we cannot simply take the first IP in
the chain. Instead, our method is as follows.
First we trust the sender IP reported by our mail server in the
Received headers, and if the previous relay IP address is on our trust
list (e.g. other well-known mail services), we continue to
follow the previous Received line, till we reach the first unrecognized
IP address in the email header.
From the article "Characterizing Botnets from Email Spam Records", Li Zhuang, J. D. Tygar.
For the second question see issue #15.
from spamscope.
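An added example, not part of the comment above and not SpamScope's own code: a sketch of the trusted-chain walk the quoted passage describes, using only the Python standard library. The function names, the server name `mx.ourcorp.example`, the trusted network list and the sample message are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; Received headers are newest hop first.
SAMPLE = """\
Received: from relay.trusted.example (relay.trusted.example [198.51.100.7])
\tby mx.ourcorp.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:02 +0000
Received: from bot.example.net (unknown [203.0.113.45])
\tby relay.trusted.example with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from internal (internal [192.0.2.99])
\tby bot.example.net with SMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000
From: a@example.net
Subject: test

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def hop(received):
    """Return (peer IP recorded by the writing server, host in the 'by' clause)."""
    flat = " ".join(received.split())            # unfold continuation lines
    from_part, _, by_part = flat.partition(" by ")
    m = IP_RE.search(from_part)
    try:
        ip = ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        ip = None
    host = by_part.split()[0].rstrip(";") if by_part else ""
    return ip, host

def sender_ip(raw, our_server, trusted_nets):
    """Walk back from our server's Received line to the first untrusted IP."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [hop(h) for h in message_from_string(raw).get_all("Received", [])]
    # Only the line written by our own server is trusted unconditionally.
    start = next((i for i, (_, by) in enumerate(hops) if by == our_server), None)
    if start is None:
        return None
    for ip, _ in hops[start:]:
        if ip is None:
            return None      # unparseable hop: stop instead of trusting older lines
        if not any(ip in n for n in nets):
            return str(ip)   # everything older than this is sender-controlled
    return None
```

With `198.51.100.0/24` on the trust list the walk stops at `203.0.113.45`; the oldest `Received` line, which the untrusted host could have written itself, is never consulted.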
I understand now. Thanks. Sorry for all the questions and issues! Hopefully other people have the same.
from spamscope.