procmail

Re: Received: from... IP address format??

1997-12-18 09:29:39
Aaron Schrab <aaron+procmail(_at_)schrab(_dot_)com> writes:
> At 23:59 -0600, 17 Dec. 1997, Philip Guenther <guenther(_at_)gac(_dot_)edu> wrote:
>> Since it's your ISP's system that's adding it, its format will be stable
>> as long as your ISP doesn't change MTAs, and the addresses shown can be
>> trusted.  Note that since MTAs always insert Received: headers _before_
>> any old ones, your ISP's will be the _first_ that matches the regexp:
>>
>>      ^Received: .* by ([-a-z0-9]+\.)*your.isp\>
>
> No, it would be the LAST one that matches that.  Any received headers
> above that will generally be various mail servers within the ISP.

Okay, neither of us is correct: you want the last one that you're sure
was generated by your ISP, so that someone can't forge a Received:
header that looks like it was inserted by your ISP and that contains an
innocuous IP.  With some ISPs there aren't any internal hops, and the
above will work.  With others, the 'gateway' hosts all match some pattern
of hostname, so that you could change the regexp to something like:

        ^Received: .* by mailgate[0-9]+\.your\.isp\>

Looking up the MX records for the domain involved may be all that it
takes to figure out what the regexp should be.

If you're unlucky enough that the above doesn't work, then you'll have
to switch to the fully general line-by-line method, where you examine
each Received: header in turn.  There will be zero or more "ISP
internal" Received: headers where both the "from" and "by" clauses list
ISP addresses, followed by exactly one "ISP entry" Received: header
where the "from" clause is external to your ISP but the "by" clause is
internal.  It's this one you want to extract the IP from.  This'll take
a recursive INCLUDERC to do within procmail, but if you base it on the
line-by-line INCLUDERC that someone has already written (whose name I
can't recall), it shouldn't be too nasty to get going.

However, if either of the previous two setups work, they'll be faster
and much easier to maintain, so try them first.


Philip Guenther
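
The line-by-line method described in the message above, as an added example that is not part of the original post and not procmail code: it is written in Python instead of a recursive INCLUDERC. It assumes sendmail-style headers that record the connecting address in square brackets, and it decides whether a "from" clause is internal by that address, not by the name the sender claimed; the `your.isp` suffix, the 192.0.2.0/24 netblock and the sample message are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this example: ISP hosts end in "your.isp" (the placeholder
# used in the post) and live in 192.0.2.0/24 (a documentation-only range).
ISP_SUFFIX = "your.isp"
ISP_NETS = [ipaddress.ip_network("192.0.2.0/24")]

HOP_RE = re.compile(r"^from\s+(.*?)\s+by\s+([-a-z0-9.]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_isp_host(name):
    name = name.lower().rstrip(".")
    return name == ISP_SUFFIX or name.endswith("." + ISP_SUFFIX)

def entry_ip(raw_message):
    """Return the IP from the "ISP entry" Received: header, or None."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):        # newest header first
        hop = HOP_RE.match(" ".join(value.split()))  # unfold continuation lines
        if not hop or not is_isp_host(hop.group(2)):
            return None        # not stamped by the ISP: nothing below is trusted
        ip = IP_RE.search(hop.group(1))
        if not ip:
            return None        # no address recorded: hop cannot be classified
        try:
            addr = ipaddress.ip_address(ip.group(1))
        except ValueError:
            return None
        if not any(addr in net for net in ISP_NETS):
            return str(addr)   # external "from", internal "by": the entry hop
        # Internal hop: an ISP machine sent this, so its header below is real.
    return None

# Constructed sample: one internal hop, the real entry hop, then a forged
# header that imitates an ISP gateway and carries an innocuous address.
SAMPLE = """\
Received: from mailgate1.your.isp (mailgate1.your.isp [192.0.2.10])
\tby pop.your.isp (8.8.8) with ESMTP id AAA001; Thu, 18 Dec 1997 09:00:02 -0600
Received: from friendly.example (dialup77.example.net [203.0.113.77])
\tby mailgate1.your.isp (8.8.8) with SMTP id AAA000; Thu, 18 Dec 1997 09:00:01 -0600
Received: from trusted.example (trusted.example [198.51.100.5])
\tby mailgate2.your.isp (8.8.8) with SMTP id ZZZ999; Thu, 18 Dec 1997 08:59:00 -0600
From: sender@example.net
Subject: constructed test message

body
"""
```

On the sample, `entry_ip(SAMPLE)` returns the address from the second header; a rule that takes the last header matching the ISP pattern would return the forged 198.51.100.5 instead.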
