[ quoted text reformatted to fit in 80 columns ]
At 16:31 -0600, 02 Feb. 1998, Matthew G. Saroff
<matthew(_dot_)saroff(_at_)lmco(_dot_)com> wrote:
That being the case, can anyone out there figure out a good way get
the IP address or domain (after all, NSLookup can get the IP from
that) this from a non privileged user's account reliably?
There isn't a *good* way, but depending on your mail setup, there might
be a way. I currently grab the IP address from the first Received:
header inserted by my ISP (I'm a sysadmin at the ISP, so I have a good
knowledge of how mail gets passed around internally). Here's the recipe
that I use:
# if there's a Received: header from one of these servers, it's
# (probably) the right one
BACKUPSERVER="([yz]\.mx\.execpc\.com)"
# Otherwise, if it went through one of these, that's the one
VIRTSERVER="(vm[0-9]+\.mx\.execpc\.com)"
# else it must be one of these
LOCALSERVER="([abc]\.mx\.execpc\.com)"
# a variable to match space characters
S="[ ]"
NL="
"
# Match a header containing:
# Received: <anything> [<ip address>]) by <local server>
:0
* $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$S+by$S+${BACKUPSERVER}
* $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$S+by$S+${VIRTSERVER}
* $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$S+by$S+${LOCALSERVER}
{
IP = $MATCH
# trim it down to just the IP address
:0
* IP ?? ^^\/[0-9.]+
{
IP = $MATCH
:0W
* ! ? /home/aarons/bin/rblcheck -q $IP
{ SPAMR="$SPAMR $IP is rbl'd$NL" }
}
IP
}
But, this depends both upon the format of the Received: lines, and the
way that mail passes through your mail system.
--
Aaron Schrab aaron(_at_)schrab(_dot_)com http://www.execpc.com/~aarons/
Profanity is the one language all programmers know best.