https://gnupit.net/perl/Recent content in Perl on The Gnu PitHugoen-USWed, 07 Nov 2012 19:51:24 -0500https://gnupit.net/posts/parse_mail_headers/Wed, 07 Nov 2012 19:51:24 -0500https://gnupit.net/posts/parse_mail_headers/<p>Here&rsquo;s a perl script I put together that uses Email::Simple to extract the headers from a message. See link below.</p> <p>I&rsquo;m using it to examine spam. It parses all the headers, with a focus on the Received headers. It should be easy to alter it to examine any header you want. As it is currently written, it:</p> <ol> <li>finds all the Received headers</li> <li>finds the first Received header that was added to the mail (presumably the header added by the first MTA that received it)</li> <li>extracts the IP from that header</li> <li>does an rDNS lookup</li> <li>if there&rsquo;s a hostname, it looks up the nameservers for the base domain.</li> </ol> <p>By &ldquo;base domain&rdquo; I mean that if the rDNS returns a hostname like &ldquo;1234.my.example.domain.com&rdquo;, the base domain would be &ldquo;domain.com&rdquo;.</p>