# a little hack to get the sender's name and IP
SENDERIP=`formail -I"Subject:"|grep '^Received'|head -1|sed 's/.*\
You remove the subject line, but then you only look at lines that start
with Received. So the -I is superfluous. Out of the Received lines, you
only take the first. Perhaps that is reliable in your environment. In my
environment, the first three to six received lines deal with the mail
being handed from one HDC machine to another.
Can't use the last one either, because with 'spam' there is usually one or
two forged Received lines following the real ones.
What MIGHT work sometimes is:
| grep '^Received' # get the received lines
| grep '\[257\.257\.257' # which have our IP block in them
| tail -1 # throw out all but the last one
| sed ......... # and process that
I say "sometimes" because I have seen a few spams in which the forged
received lines pretended the message had an internal origin.
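
An added example, not part of the original message: a header walk that unfolds the Received headers, skips handoffs whose peer address is in our own block, and reports the first peer outside it, so forged lines further down are never reached. It assumes every internal relay records its peer as a bracketed IPv4 literal; `257.257.257.` is the thread's placeholder prefix, and the function names and sample message are constructed.

```sh
#!/bin/sh
# Placeholder for "our IP block", as used in the thread.
INTERNAL_PREFIX='257.257.257.'

# Read a message on stdin; print the peer IP from the first Received
# header (counting from the top) whose peer is outside our block.
sender_ip() {
    awk -v internal="$INTERNAL_PREFIX" '
        # First [a.b.c.d] literal in a header, or "" if none.
        function peer_ip(h) {
            if (match(h, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
                return substr(h, RSTART + 1, RLENGTH - 2)
            return ""
        }
        # Examine one complete, unfolded header.
        function check(h,   ip) {
            if (found || tolower(h) !~ /^received:/) return
            ip = peer_ip(h)
            if (ip == "") return                  # local hop, no peer address
            if (index(ip, internal) == 1) return  # internal handoff, keep walking
            print ip; found = 1
        }
        /^$/     { exit }                     # blank line ends the headers
        /^[ \t]/ { hdr = hdr " " $0; next }   # continuation line: unfold
                 { check(hdr); hdr = $0 }
        END      { check(hdr) }
    '
}

# Constructed sample: three real hops, then two forged lines, one of
# which claims an internal origin (grep | tail -1 would select it).
sample_message() {
    cat <<'EOF'
Received: from mx2.example.org (mx2.example.org [257.257.257.12])
 by store.example.org with ESMTP id AAA111
Received: from mx1.example.org (mx1.example.org [257.257.257.11])
 by mx2.example.org with ESMTP id BBB222
Received: from mail.sender.example (unknown [192.0.2.45])
 by mx1.example.org with ESMTP id CCC333
Received: from inside.example.org (inside.example.org [257.257.257.99])
 by relay.forged.example with SMTP id DDD444
Received: from nowhere (nowhere [198.51.100.7])
 by inside.example.org with SMTP id EEE555
Subject: constructed sample

Body text.
EOF
}

sample_message | sender_ip
```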