This might be getting close...
If you pipe in a list of new-line separated 'Received' headers in this
Perl script:
$foo="";
while (<STDIN>)
{$foo .= $_};
$foo =~ s/(from .*?\(\[)(.*?)(\]\).*?$)/$2/gm;
print $foo;
it will output a new-line separated list of IP addresses.
Does that help at all??
Sent by: exim-users-bounces@???
To: Marc Perkel <marc@???>
cc: exim users <exim-users@???> (bcc: Dan Mitton/YD/RWDOE)
Subject: Re: [exim] REGEX help - Picking IP addresses out of
Received Headers
LSN: Not Relevant
User Filed as: Not a Record
This sounds like an interesting problem. Do you have an example of what
you are trying to parse? Is it $header_received ?
Sent by: exim-users-bounces@???
To: exim users <exim-users@???>
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: [exim] REGEX help - Picking IP addresses out of Received
Headers
LSN: Not Relevant
User Filed as: Not a Record
I'm looking for regular expressions that I can use in Received headers
to pick out IP addresses and use that to look up blacklist information
on mail that has been forwarded to me from other sources. Normally email
comes directly to my servers and that's easy to check the hosts for
blacklists. However when spam that is forwarded from other servers that
send good email the blacklists checks don't work. So I need to pull IP
addresses out of the Received headers to check where the message has been.
So - What I need is a regular expression to grab say the second or third
IP address back in the list and stick that into a variable that I can
use then to look up against blacklists. Or perhaps grab the last, second
to the last IP addresses.
Thanks in advance for your help.
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://www.exim.org/eximwiki/
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://www.exim.org/eximwiki/