Re: spam processing
This program will only grab the most recent (last) Received: line's IP
address.
It can be modified to do more if you like, or you could just have it dump
its output to a file listing IPs and every night run it through sort & uniq.
-x-CUT-x
#!/usr/bin/perl
$names="name1|name2|name3";
while (<>)
{
if (/Received: from/) { $received = $_; }
if (/To:.*$names/i)
{
$received =~ s/(([0-9]{1,3}\.){3}[0-9]{1,3})/$1/;
$SpamIP = $1;
# If you want to print them out ...
print "$SpamIP\n";
}
}
-x-CUT-x
> i would like to process them automatically via a .qmail* file, and one
> thing i would like to extract automatically is the IP of the SMTP relay
> that sent the mail to our server. example:
> [...]
> so i would like to extract 194.206.111.65 from the line
> Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65)
Re: spam processing
This program will only grab the most recent (last) Received: line's IP
address.
It can be modified to do more if you like, or you could just have it dump
its output to a file listing IPs and every night run it through sort & uniq.
-x-CUT-x
#!/usr/bin/perl
$names="name1|name2|name3";
while (<>)
{
if (/Received: from/) { $received = $_; }
if (/To:.*$names/i)
{
$received =~ s/(([0-9]{1,3}\.){3}[0-9]{1,3})/$1/;
$SpamIP = $1;
# If you want to print them out ...
print "$SpamIP\n";
}
}
-x-CUT-x
> i would like to process them automatically via a .qmail* file, and one
> thing i would like to extract automatically is the IP of the SMTP relay
> that sent the mail to our server. example:
> [...]
> so i would like to extract 194.206.111.65 from the line
> Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65)
Re: spam processing
wolfgang zeikat <[EMAIL PROTECTED]> wrote: >so we keep receiving mails from all over this lovely planet for the non >existent users >michellep tonyak jenniferd barbik melindaa gabriellej barbis doloresz >melindab junem >(exciting isn't it) > >i would like to process them automatically via a .qmail* file, and one >thing i would like to extract automatically is the IP of the SMTP relay >that sent the mail to our server. For each user, create a ~alias/.qmail-username file containing: |extract_relay where "extract_relay" is a shell/awk/perl/whatever script that finds the relay IP address and logs it. Writing this script is beyond the scope of this list. >i am rather new at parsing ... and PERL? is that something you wear around >your neck? > >sorry if you consider this off topic, it certainly is part of my life with >qmail *g* It's not that I "consider" it off topic, it's that it *is* off topic. If it was a one-liner or something I could spout off the top of my head, I'd be happy to answer you, but it's not. You really should pick a scripting language, learn about it, and if you still need more help, contact a support forum for that language. -Dave
spam processing
sadly, one of our domains seems to have gotten onto one or more of those "Buy * Million first class spam recipients' email addresses NOW" lists/CDs. so we keep receiving mails from all over this lovely planet for the non existent users michellep tonyak jenniferd barbik melindaa gabriellej barbis doloresz melindab junem (exciting isn't it) i would like to process them automatically via a .qmail* file, and one thing i would like to extract automatically is the IP of the SMTP relay that sent the mail to our server. example: Return-Path: <[EMAIL PROTECTED]> Received: (qmail 28677 invoked by alias); 21 Sep 2000 01:26:51 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 28673 invoked from network); 21 Sep 2000 01:26:51 - Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65) by 192.168.27.19 with SMTP; 21 Sep 2000 01:26:51 - Received: from cs28100-41.houston.RR.COM by srvweb.IMPI-GIPSI.FR with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1457.7) id S52XFY3D; Thu, 21 Sep 2000 00:07:33 +0200 DATE: 20 Sep 00 5:08:51 PM FROM: [EMAIL PROTECTED] Message-ID: SUBJECT: get shopping discounts, improve your quality of life so i would like to extract 194.206.111.65 from the line Received: from unknown (HELO srvweb.IMPI-GIPSI.FR) (194.206.111.65) i am rather new at parsing ... and PERL? is that something you wear around your neck? sorry if you consider this off topic, it certainly is part of my life with qmail *g* cheers wolfgang
