On Wednesday 06 June 2007 19:01, Marc Perkel wrote:
> I'm looking for regular expressions that I can use in Received headers
> to pick out IP addresses and use that to look up blacklist information
> on mail that has been forwarded to me from other sources. Normally email
> comes directly to my servers and that's easy to check the hosts for
> blacklists. However when spam that is forwarded from other servers that
> send good email the blacklists checks don't work. So I need to pull IP
> addresses out of the Received headers to check where the message has been.
>
> So - What I need is a regular expression to grab say the second or third
> IP address back in the list and stick that into a variable that I can
> use then to look up against blacklists. Or perhaps grab the last, second
> to the last IP addresses.
This sounds like *exactly* what SpamAssassin does, and does well (it has code
covering a variety of Received field formats, can be told which relays to
trust etc. (I think it can be a good idea to add those "other servers that
send good email" to internal_networks)). If you wish to avoid passing mail to
SA whenever possible, perhaps you can still reuse some code.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)
