for example, simplifying:
Received: from ([155.210.11.99]) .................. Received: from ([155.210.11.66]) by ............... Received: from ([193.180.251.253]) by ............. Received: from ([158.234.34.23]) by ...............
155.210.11.99 and 155.210.11.66 are internal IPs to my organization I want to obtain the IP: 193.180.251.253
Does anybody know as I can obtain this IP?
I'd assume that the "by" part of the line in question is always your external MX, or one of your external MXes. You can grep your mail for the by half of the line, then parse out the From parts.
ie: at work I have received headers like this (ripped off one of my list postings:
Received: from mkettler-xpmain.evi-inc.com (tcp-6-249.evi-inc.com [10.0.6.249])
by xanadu.evi-inc.com (8.12.8/8.12.8) with ESMTP id i41FURox001922;
Sat, 1 May 2004 11:30:27 -0400
I just do:
grep -B1 "by xanadu\.evi\-inc\.com \(8\.12\.8\/8\.12\.8\) with" mailbox.mbx
Which gets me output like this:
Received: from mkettler-xpmain.evi-inc.com (tcp-6-249.evi-inc.com [10.0.6.249])
by xanadu.evi-inc.com (8.12.8/8.12.8) with ESMTP id i41FURox001922;
If I re-grep the output for Received:, I'll just get the line of interest:
grep -B1 "by xanadu\.evi\-inc\.com \(8\.12\.8\/8\.12\.8\) with" mailbox.mbx | grep Received\:
Received: from mkettler-xpmain.evi-inc.com (tcp-6-249.evi-inc.com [10.0.6.249])
