updated decode-spam headers - now parses 67+ different SMTP headers

Mariusz B. / mgeeky 2021-10-26 23:03:24 +02:00
parent f13e75fb08
commit 683a25d8c7
2 changed files with 1574 additions and 243 deletions


@ -7,39 +7,75 @@
Resulting output will contain useful information on why this e-mail might have been blocked. Resulting output will contain useful information on why this e-mail might have been blocked.
Processed headers (more than **32+** headers are parsed): Processed headers (more than **67+** headers are parsed):
- `Authentication-Results` - `X-forefront-antispam-report`
- `From` - `X-exchange-antispam`
- `Received-SPF` - `X-exchange-antispam-mailbox-delivery`
- `X-exchange-antispam-message-info`
- `X-microsoft-antispam-report-cfa-test`
- `Received` - `Received`
- `From`
- `To` - `To`
- `X-Forefront-Antispam-Report` - `Subject`
- `X-Mailer` - `Thread-topic`
- `X-Microsoft-Antispam-Mailbox-Delivery` - `Received-spf`
- `X-Microsoft-Antispam-Message-Info` - `X-mailer`
- `X-Microsoft-Antispam` - `X-originating-ip`
- `X-MS-Exchange-Transport-EndToEndLatency` - `User-agent`
- `X-MS-Oob-TLC-OOBClassifiers` - `X-forefront-antispam-report`
- `X-MS-Exchange-AtpMessageProperties` - `X-microsoft-antispam-mailbox-delivery`
- `X-Exchange-Antispam-Report-CFA-Test` - `X-microsoft-antispam`
- `X-Microsoft-Antispam-Report-CFA-Test` - `X-exchange-antispam-report-cfa-test`
- `X-MS-Exchange-AtpMessageProperties` - `X-spam-status`
- `X-Spam-Status` - `X-spam-level`
- `X-Spam-Level` - `X-spam-flag`
- `X-Spam-Flag` - `X-spam-report`
- `X-Spam-Report` - `X-vr-spamcause`
- `ARC-Authentication-Results` - `X-ovh-spam-reason`
- `X-MSFBL` - `X-vr-spamscore`
- `X-Ovh-Spam-Reason` - `X-virus-scanned`
- `X-VR-SPAMCAUSE` - `X-spam-checker-version`
- `X-VR-SPAMSCORE` - `X-ironport-av`
- `X-Virus-Scanned` - `X-ironport-anti-spam-filtered`
- `X-Spam-Checker-Version` - `X-ironport-anti-spam-result`
- `X-IronPort-AV` - `X-mimecast-spam-score`
- `X-Mimecast-Spam-Score` - `Spamdiagnosticmetadata`
- `User-Agent` - `X-ms-exchange-atpmessageproperties`
- `X-Originating-IP` - `X-msfbl`
- `X-ms-exchange-transport-endtoendlatency`
- `X-ms-oob-tlc-oobclassifiers`
- `X-ip-spam-verdict`
- `X-amp-result`
- `X-ironport-remoteip`
- `X-ironport-reputation`
- `X-sbrs`
- `X-ironport-sendergroup`
- `X-policy`
- `X-ironport-mailflowpolicy`
- `X-remote-ip`
- `X-sea-spam`
- `X-fireeye`
- `X-antiabuse`
- `X-tmase-version`
- `X-tm-as-product-ver`
- `X-tm-as-result`
- `X-imss-scan-details`
- `X-tm-as-user-approved-sender`
- `X-tm-as-user-blocked-sender`
- `X-tmase-result`
- `X-tmase-snap-result`
- `X-imss-dkim-white-list`
- `X-tm-as-result-xfilter`
- `X-tm-as-smtp`
- `X-scanned-by`
- `X-mimecast-spam-signature`
- `X-mimecast-bulk-signature`
- `X-sender-ip`
- `X-forefront-antispam-report-untrusted`
- `X-microsoft-antispam-untrusted`
- `X-sophos-senderhistory`
- `X-sophos-rescan`
- and more... - and more...
Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them. Most of these headers are not fully documented, therefore the script is unable to pinpoint all the details, but at least it collects all I could find on them.
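Review bot: the new header list repeats `X-forefront-antispam-report` (it is the first entry and appears again after `User-agent`), so the list contains one fewer distinct header than it appears to; drop the second occurrence. `Authentication-Results` and `ARC-Authentication-Results` were in the old list and are absent from the new one; if the script still parses them, keep them listed, since those headers carry the SPF/DKIM/DMARC verdicts a reader looks for first. The entries are also now written as `X-forefront-antispam-report` rather than `X-Forefront-Antispam-Report`; keeping the original casing from the old list would let readers search the README for a name exactly as it appears in a message. Lastly, "more than **67+**" states the lower bound twice; "**67+**" on its own is enough.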

File diff suppressed because it is too large