On Wednesday 06 June 2007 19:01, Marc Perkel wrote: > I'm looking for regular expressions that I can use in Received headers > to pick out IP addresses and use that to look up blacklist information > on mail that has been forwarded to me from other sources. Normally email > comes directly to my servers and that's easy to check the hosts for > blacklists. However when spam that is forwarded from other servers that > send good email the blacklists checks don't work. So I need to pull IP > addresses out of the Received headers to check where the message has been. > > So - What I need is a regular expression to grab say the second or third > IP address back in the list and stick that into a variable that I can > use then to look up against blacklists. Or perhaps grab the last, second > to the last IP addresses.
This sounds like *exactly* what SpamAssassin does, and does well (it has code
covering a variety of Received field formats, can be told which relays to
trust etc. (I think it can be a good idea to add those "other servers that
send good email" to internal_networks)). If you wish to avoid passing mail to
SA whenever possible, perhaps you can still reuse some code.
--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
pgpHfnbLYg3NY.pgp
Description: PGP signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
