class PhisherPhinder::SenderExtractor
Public Instance Methods
extract(mail)
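# File lib/phisher_phinder/sender_extractor.rb, line 5
#
# Collects the senders a message claims, from two sources: the SPF entries of
# its authentication-results headers and the chain of its received headers.
#
# Only the first authentication-results header is recorded as trusted; every
# later one is recorded with trusted: false, because anything below the first
# header may have been supplied by the sender of the message.
# NOTE(review): assumes the header parser returns the receiving server's own
# header first - confirm against the parser.
#
# @param mail [#authentication_headers, #tracing_headers] parsed message
# @return [Hash] { authentication_senders: { hosts: [...], email_addresses: [...] },
#   tracing_senders: [...] }
def extract(mail)
  auth_senders = { hosts: [], email_addresses: [] }
  authentication_results = mail.authentication_headers[:authentication_results]

  if authentication_results.any?
    trusted_auth_header = authentication_results.first
    # NOTE(review): every header is assumed to carry at least one SPF entry;
    # an empty :spf list raises here - confirm the parser guarantees one.
    trusted_spf = trusted_auth_header[:spf].first

    auth_senders[:hosts] << {
      entry_type: :ip, host: trusted_spf[:ip], spf: { present: true, trusted: true }
    }
    auth_senders[:email_addresses] << {
      email_address: trusted_spf[:from],
      spf: { present: true, trusted: true, result: trusted_spf[:result] }
    }
    processed_authservs = [trusted_auth_header[:authserv_id]]

    authentication_results.drop(1).each do |header|
      # A lower header that reuses the trusted authserv-id is ignored entirely.
      # NOTE(review): ids of untrusted headers are never added to this list, so
      # repeated untrusted ids each add a host entry - confirm that is intended.
      next if processed_authservs.include?(header[:authserv_id])

      spf = header[:spf].first
      auth_senders[:hosts] << {
        entry_type: :ip, host: spf[:ip], spf: { present: true, trusted: false }
      }

      # An address already recorded keeps its first (possibly trusted) entry.
      next if auth_senders[:email_addresses].any? { |entry| entry[:email_address] == spf[:from] }

      auth_senders[:email_addresses] << {
        email_address: spf[:from],
        spf: { present: true, trusted: false, result: spf[:result] }
      }
    end
  end

  # Without authentication results there is no trusted host, and the helper
  # would raise on nil. A nil IP must also never anchor the chain: nil == nil
  # would accept a received header whose sender has no IP at all.
  trusted_ip = trusted_auth_sender_ip(auth_senders) unless auth_senders[:hosts].empty?
  tracing_senders = []

  mail.tracing_headers[:received].each do |header|
    sender = header[:sender]

    if tracing_senders.empty?
      # Skip headers until one names the SPF-checked IP as its sender.
      tracing_senders << sender if sender && trusted_ip && sender[:ip] == trusted_ip
      next
    end

    # Follow the chain only while each hop was received by the previous sender.
    break unless sender && header[:recipient] == tracing_senders.last[:host]

    tracing_senders << sender
  end

  { authentication_senders: auth_senders, tracing_senders: tracing_senders }
end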
Private Instance Methods
trusted_auth_sender_ip(authentication_senders)
# File lib/phisher_phinder/sender_extractor.rb, line 70
#
# Returns the :host value of the first host entry whose SPF data is marked
# trusted.
#
# @param authentication_senders [Hash] hash with a :hosts list of entries
#   shaped like { host: ..., spf: { trusted: ... } }
# @return [Object] the :host value of the first trusted entry
# @raise [NoMethodError] when no entry is marked trusted, because the lookup
#   then yields nil
def trusted_auth_sender_ip(authentication_senders)
  trusted_entry = authentication_senders[:hosts].find { |entry| entry[:spf][:trusted] }
  trusted_entry[:host]
end