Walter Dnes <waltdnes(_at_)interlog(_dot_)com> writes:
> I'm alpha-testing my IP-address-based filter, and I may have to do
> some rewriting. This may be somewhat of an RFC header question. It
> seems that the last external IP address (before the email reaches my
> ISP's system) is always surrounded by square brackets like so...
> Received: from LLCAPP (llciis.logicallink.com [207.34.94.5])...

That line is generated by your ISP's SMTP server. From the format I
would say sendmail. If you look further along in that header (probably
the next line, being a continuation of the previous), you'll see
something like:

    by mailhost.your.isp (8.x.x/8.x.x) with SMTP id AA######

Since it's your ISP's system that's adding it, its format will be stable
as long as your ISP doesn't change MTAs, and the addresses shown can be
trusted. Note that since MTAs always insert Received: headers _before_
any old ones, your ISP's will be the _first_ that matches the regexp:

    ^Received: .* by ([-a-z0-9]+\.)*your.isp\>

Therefore, to extract the IP address of the system that connected to
your ISP's system you would do something like:

    # The first condition locates the correct header and extracts
    # starting right after the bracket that delineates the IP we
    # want. The second condition limits the match area to just the
    # IP.
    :0
    * ^Received: .*\(.* \[\/.* by ([-a-z0-9]+\.)*your.isp\>
    * MATCH ?? ^\/[0-9.]+
    { IP = $MATCH }

    # If that didn't match then they changed the format of the
    # Received: header! Send mail to yourself, or something.
    :0 Eci
    | echo "Received: header format changed. Fix your .procmailrc!" | \
      Mail -s "procmailrc problem" $LOGNAME

Philip Guenther
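
An added example, not part of the message above: a Python sketch of the same trust boundary, which reads only the topmost Received: header stamped by the ISP and returns nothing if that header's format has changed, so a sender-forged header further down is never consulted. The function name, the constructed sample message and the stricter host and bracket checks are assumptions of this example; `your.isp` is the placeholder from the post.

```python
import ipaddress
import re
from email import message_from_string

ISP_DOMAIN = "your.isp"  # placeholder domain used in the post

# "by <host>.your.isp", refusing look-alikes such as your.isp.example
BY_ISP = re.compile(
    r"\bby\s+(?:[-a-z0-9]+\.)*" + re.escape(ISP_DOMAIN) + r"(?![-a-z0-9.])",
    re.I)
# "(name [a.b.c.d])": the bracketed address inside the parenthesised comment,
# so a HELO written as an address literal ("from [x.x.x.x]") is not picked up
PEER = re.compile(r"\((?:[^()\[\]]* )?\[([0-9.]+)\]\)")

# Constructed sample: the second Received: header is supplied by the sender
# and imitates the ISP's stamp with an address of the sender's choosing.
SAMPLE = (
    "Received: from LLCAPP (llciis.logicallink.com [207.34.94.5])\n"
    "\tby mailhost.your.isp (8.x.x/8.x.x) with SMTP id AA000001\n"
    "Received: from trusted (relay.example [192.0.2.99])\n"
    "\tby mailhost.your.isp (8.x.x/8.x.x) with SMTP id AA000002\n"
    "Subject: test\n\nbody\n"
)


def connecting_ip(raw_message):
    """Return the IP that connected to the ISP's MTA, or None if the
    topmost ISP-stamped Received: header is absent or unparseable."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        header = " ".join(value.split())  # unfold continuation lines
        by = BY_ISP.search(header)
        if by is None:
            continue  # stamped by another host; keep looking downward
        # Only this header is trusted; never fall through to older ones.
        peer = PEER.search(header, 0, by.start())
        if peer is None:
            return None  # format changed: report it rather than guess
        try:
            return str(ipaddress.ip_address(peer.group(1)))
        except ValueError:
            return None
    return None


if __name__ == "__main__":
    print(connecting_ip(SAMPLE))
```
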