Better Living Through Thinking

received_from - find the last MTA hop

Thu, 25 Oct 2007

received_from parses any mbox-style mailbox and prints the IP address of the last MTA to connect to the given hostname. This list of IPs can be useful for generating black- or whitelists.

(version 0.20, updated 25 October 2007)

Usage:

formail -c -s < spam.mbx | received_from --days=30 --last_hop=my.hostname.tld --class_c | sort -u > $HOME/spammers

received_from will find all lines matching:

Received: ... by my.hostname.tld

and print the IP address that connected to it (the last relay before arriving at our server).

Download:

<util/received_from>

Options:

--help           this message
--version        show version and exit
--verbose        show lots of extra information (uses stderr)
--days=n         specifies how many days in the past to scan for
                 (default is 30). Messages older than 'n' days
                 will be skipped
--last_hop=host  IP addresses making connections to *this* host
                 will be printed (default = localhost)
--ignore=ip      ignore this ip address. Useful for skipping spam
                 that may have relayed from somewhere you don't
                 want to block. Patterns may be specified by
                 leaving off octets but keeping the trailing dot
                 (e.g., "212.42."). This option may be specified
                 multiple times. (default = 127.0.0.1)
--class_c        lump together class c addresses when c_limit is
                 hit
--c_limit=n      how many times a unique address in a class c
                 must appear before the whole class is banned
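
The matching and the --ignore / --class_c handling described above, as an added Python sketch (not the received_from source, which this page only links to). It omits --days and rests on assumptions of its own: Postfix/Sendmail-style Received lines, only the topmost "by <last_hop>" header is trusted since anything below it is sender-controlled, c_limit counts distinct addresses in a /24, and a collapsed class C is printed as "a.b.c.0/24".

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed sample mbox (not real traffic); IPs are RFC 5737 documentation ranges.
SAMPLE_MBOX = """\
From a@example.net Thu Oct 25 10:00:00 2007
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby my.hostname.tld (Postfix) with ESMTP id 1A; Thu, 25 Oct 2007 10:00:00 -0600

From b@example.net Thu Oct 25 10:05:00 2007
Received: from helo.invalid (unknown [192.0.2.77]) by my.hostname.tld; Thu, 25 Oct 2007 10:05:00 -0600
Received: from x (x [203.0.113.5]) by my.hostname.tld; Thu, 25 Oct 2007 09:00:00 -0600

From c@example.net Thu Oct 25 10:06:00 2007
Received: from localhost (localhost [127.0.0.1]) by my.hostname.tld; Thu, 25 Oct 2007 10:06:00 -0600

From d@example.net Thu Oct 25 10:07:00 2007
Received: from h (h.example.org [198.51.100.3]) by my.hostname.tld; Thu, 25 Oct 2007 10:07:00 -0600
"""

# Assumes Postfix/Sendmail layout: from HELO (rdns [ip]) by host ...; HELO is client-supplied.
FROM_IP = re.compile(r"from\s+\S+\s+\((?:[^()\[\]]*\s)?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def last_hops(mbox_text, last_hop, ignore=("127.0.0.1",)):
    """Yield the peer IP from the topmost 'by <last_hop>' Received header of each message."""
    by_host = re.compile(r"\bby\s+" + re.escape(last_hop) + r"(?=[\s;]|$)", re.I)
    pats = tuple(p.rstrip(".") + "." for p in ignore)   # "212.42." prefix or exact address
    for raw in re.split(r"(?m)^From .*\n", mbox_text):
        for hdr in message_from_string(raw).get_all("Received", []):
            hdr = " ".join(hdr.split())                  # unfold continuation lines
            by = by_host.search(hdr)
            if by:
                m = FROM_IP.match(hdr[:by.start()])
                if m and not (m[1] + ".").startswith(pats):
                    yield m[1]
                break  # headers are prepended; lower 'by <last_hop>' lines may be forged

def blocklist(ips, class_c=False, c_limit=2):
    """Replace a /24 by 'a.b.c.0/24' once c_limit distinct addresses in it were seen."""
    nets = defaultdict(set)
    for ip in ips:
        nets[ip.rsplit(".", 1)[0]].add(ip)
    out = set()
    for net, members in nets.items():
        out |= {net + ".0/24"} if class_c and len(members) >= c_limit else members
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(blocklist(last_hops(SAMPLE_MBOX, "my.hostname.tld"), class_c=True)))
```

The second sample message carries a lower "by my.hostname.tld" header that a sender could have inserted; stopping at the topmost match keeps its address (203.0.113.5) out of the list.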

Notes:

formail is part of the procmail mail processing package, standard on most modern Unix-type systems (otherwise, freely available from procmail.org).
