This is part of a regex that I wrote for a python script.
You'll certainly need to adapt it for perl and complete it for your own
mailservers/network but may be a good start.
As is, IP is the 3rd subgroup of th regex.
'Received:\ from\ ([\[\w\-_]+\.)*\w+\]?\s*\(([\w\-\_]+\.)*\w*\s*
\[((\d{1,3}\.){3}\d{1,3})\]\)\s+by\s+'
Le dimanche 13 septembre 2009 à 11:53 +0200, Peter a écrit :
> Hi
>
> On my system most spam/scams that escapes filter comes from freemail
> addresses, and i would like to filter harder on mail that comes from
> countrys like Nigeria, China etc. Hotmail and others have
> X-Originating-Ip: header that i can use, but yahoo puts ip in received:
> header, is it possible to grep the ip from the last received line within
> a acl?, like this
> Received: from [81.91.232.194] by web37004.mail.mud.yahoo.com via HTTP;
> Sat, 12 Sep 2009 21:15:38 PDT
>
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
