D
David Mahon
I have a perl program which examines an email (using email::simple).
One of the headers is gathered by:
@received=$mail->header("Received");
and saved using:
print OUTFILE "Received: @received\n" if @received;
How can I extract the IP address of the machine that passed the email to
one of my machines? My system has multiple MX records. I want the IP
address of the machine sending the mail to one of the ones under my
control.
In almost all of the following examples, I would be wanting
"81.187.230.6" to be returned, as this was the outgoing smtp server for
my test messages (except for the last one, which is a local message).
Here is an example of mail sent direct:
Received: from saturn.amigo.co.uk ([81.187.230.6]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiTyM-0002I1-Lr for
(e-mail address removed); Sat, 03 Dec 2005 09:46:26 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212AD8 for (e-mail address removed); Sat, 03
Dec 2005 09:46:21 -0000
Here is an example by received from a secondary MX:
Received: from b.hopeless.aaisp.net.uk ([81.187.81.12]
ident=[U2FsdGVkX199l1baK8tXe/WvO+LC4Iu53KbUETkAmKk=]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiU4f-0002Md-MH for
(e-mail address removed); Sat, 03 Dec 2005 09:52:57 +0000 from
saturn.amigo.co.uk ([81.187.230.6]) by B.hopeless.aaisp.net.uk
([81.187.81.12]) with AAISP icebox mailer (build Nov 15 2005 17:36:31)
for (e-mail address removed); Sat, 03 Dec 2005 09:52:57 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212AE5 for (e-mail address removed); Sat, 03
Dec 2005 09:52:42 -0000
Here is an example received from my tertiary MX:
Received: from regardless.aaisp.net.uk ([81.187.30.42]
helo=tertiary-mx.co.uk
ident=[U2FsdGVkX185NJTsN0/QIxJfejckIpUPKbUwtfqmKjI=]) by
jupiter.amigo.co.uk with esmtps (TLS-1.0
HE_RSA_AES_256_CBC_SHA1:32)
(Exim 4.54) id 1EiU3S-0002L7-A1 for (e-mail address removed); Sat, 03 Dec
2005 09:51:42 +0000 from saturn.amigo.co.uk ([81.187.230.6]) by
tertiary-mx.co.uk with esmtp (Exim 4.43) id 1EiU3Q-0005ES-D4 for
(e-mail address removed); Sat, 03 Dec 2005 09:51:40 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212ADD for (e-mail address removed); Sat, 03
Dec 2005 09:49:27 -0000
(it's even possible that the mail could go tertiary -> secondary ->
primary MX)
Received: from b.hopeless.aaisp.net.uk ([81.187.81.12]
ident=[U2FsdGVkX19ybkaIvD81d8AAmAYb2rGz2ZDrfye9M/0=]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiUFm-0002Uw-By for
(e-mail address removed); Sat, 03 Dec 2005 10:04:26 +0000 from
regardless.aaisp.net.uk ([2001:8B0:0:30::51BB:1E2A]
helo=tertiary-mx.co.uk) by B.hopeless.aaisp.net.uk
([2001:8B0:0:81::51BB:510C]) with AAISP icebox mailer (build Nov 15 2005
17:36:31) for (e-mail address removed); Sat, 03 Dec 2005 10:04:25 +0000 from
saturn.amigo.co.uk ([81.187.230.6]) by tertiary-mx.co.uk with esmtp
(Exim 4.43) id 1EiUFl-0005jk-Ms for (e-mail address removed); Sat, 03 Dec
2005 10:04:25 +0000 from earth.amigo.co.uk ( [81.187.230.3]) by
amigo.co.uk with ESMTP (Mailtraq/2.7.1.1862) id AMGC2B222AF8 for
(e-mail address removed); Sat, 03 Dec 2005 10:04:08 -0000
The final (I hope) alternative is that the mail is sent locally, and
therefore should be recognised as 127.0.0.1
Received: from user1 by jupiter.amigo.co.uk with local (Exim 4.54) id
1EfkYM-0006qz-Oo for (e-mail address removed); Fri, 25 Nov 2005 20:52:18
+0000
I suppose I want the first IP address (address enclosed in []) that
isn't an IP address of my MX hosts. Made slightly more complex by the
fact that some use IP6 addresses on occasion.
So, I want the first IP address enclosed in [] that is NOT
81.187.81.12 or 2001:8B0:0:81::51BB:510C
81.187.30.42 or 2001:8B0:0:30::51BB:1E2A
or 127.0.0.1 if there are none.
Help please - how do I do this?
One of the headers is gathered by:
@received=$mail->header("Received");
and saved using:
print OUTFILE "Received: @received\n" if @received;
How can I extract the IP address of the machine that passed the email to
one of my machines? My system has multiple MX records. I want the IP
address of the machine sending the mail to one of the ones under my
control.
In almost all of the following examples, I would be wanting
"81.187.230.6" to be returned, as this was the outgoing smtp server for
my test messages (except for the last one, which is a local message).
Here is an example of mail sent direct:
Received: from saturn.amigo.co.uk ([81.187.230.6]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiTyM-0002I1-Lr for
(e-mail address removed); Sat, 03 Dec 2005 09:46:26 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212AD8 for (e-mail address removed); Sat, 03
Dec 2005 09:46:21 -0000
Here is an example by received from a secondary MX:
Received: from b.hopeless.aaisp.net.uk ([81.187.81.12]
ident=[U2FsdGVkX199l1baK8tXe/WvO+LC4Iu53KbUETkAmKk=]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiU4f-0002Md-MH for
(e-mail address removed); Sat, 03 Dec 2005 09:52:57 +0000 from
saturn.amigo.co.uk ([81.187.230.6]) by B.hopeless.aaisp.net.uk
([81.187.81.12]) with AAISP icebox mailer (build Nov 15 2005 17:36:31)
for (e-mail address removed); Sat, 03 Dec 2005 09:52:57 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212AE5 for (e-mail address removed); Sat, 03
Dec 2005 09:52:42 -0000
Here is an example received from my tertiary MX:
Received: from regardless.aaisp.net.uk ([81.187.30.42]
helo=tertiary-mx.co.uk
ident=[U2FsdGVkX185NJTsN0/QIxJfejckIpUPKbUwtfqmKjI=]) by
jupiter.amigo.co.uk with esmtps (TLS-1.0
HE_RSA_AES_256_CBC_SHA1:32)(Exim 4.54) id 1EiU3S-0002L7-A1 for (e-mail address removed); Sat, 03 Dec
2005 09:51:42 +0000 from saturn.amigo.co.uk ([81.187.230.6]) by
tertiary-mx.co.uk with esmtp (Exim 4.43) id 1EiU3Q-0005ES-D4 for
(e-mail address removed); Sat, 03 Dec 2005 09:51:40 +0000 from
earth.amigo.co.uk ( [81.187.230.3]) by amigo.co.uk with ESMTP
(Mailtraq/2.7.1.1862) id AMGC2B212ADD for (e-mail address removed); Sat, 03
Dec 2005 09:49:27 -0000
(it's even possible that the mail could go tertiary -> secondary ->
primary MX)
Received: from b.hopeless.aaisp.net.uk ([81.187.81.12]
ident=[U2FsdGVkX19ybkaIvD81d8AAmAYb2rGz2ZDrfye9M/0=]) by
jupiter.amigo.co.uk with esmtp (Exim 4.54) id 1EiUFm-0002Uw-By for
(e-mail address removed); Sat, 03 Dec 2005 10:04:26 +0000 from
regardless.aaisp.net.uk ([2001:8B0:0:30::51BB:1E2A]
helo=tertiary-mx.co.uk) by B.hopeless.aaisp.net.uk
([2001:8B0:0:81::51BB:510C]) with AAISP icebox mailer (build Nov 15 2005
17:36:31) for (e-mail address removed); Sat, 03 Dec 2005 10:04:25 +0000 from
saturn.amigo.co.uk ([81.187.230.6]) by tertiary-mx.co.uk with esmtp
(Exim 4.43) id 1EiUFl-0005jk-Ms for (e-mail address removed); Sat, 03 Dec
2005 10:04:25 +0000 from earth.amigo.co.uk ( [81.187.230.3]) by
amigo.co.uk with ESMTP (Mailtraq/2.7.1.1862) id AMGC2B222AF8 for
(e-mail address removed); Sat, 03 Dec 2005 10:04:08 -0000
The final (I hope) alternative is that the mail is sent locally, and
therefore should be recognised as 127.0.0.1
Received: from user1 by jupiter.amigo.co.uk with local (Exim 4.54) id
1EfkYM-0006qz-Oo for (e-mail address removed); Fri, 25 Nov 2005 20:52:18
+0000
I suppose I want the first IP address (address enclosed in []) that
isn't an IP address of my MX hosts. Made slightly more complex by the
fact that some use IP6 addresses on occasion.
So, I want the first IP address enclosed in [] that is NOT
81.187.81.12 or 2001:8B0:0:81::51BB:510C
81.187.30.42 or 2001:8B0:0:30::51BB:1E2A
or 127.0.0.1 if there are none.
Help please - how do I do this?