Script: Parse Mail Headers
Here’s a Perl script I put together that uses Email::Simple to extract the headers from a message. See link below.
I’m using it to examine spam. It parses all the headers, with a focus on the Received headers. It should be easy to alter it to examine any header you want. As it is currently written, it:
- finds all the Received headers
- finds the first Received header that was added to the mail (presumably the header added by the first MTA that received it)
- extracts the IP from that header
- does an rDNS lookup
- if there’s a hostname, it looks up the nameservers for the base domain.
By “base domain” I mean that if the rDNS returns a hostname like “1234.my.example.domain.com”, the base domain would be “domain.com”.
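The steps listed above, as an added example; this is not the linked script. The sample message is constructed (documentation IP ranges), and the names `first_received`, `extract_ipv4`, `base_domain` and the `--rdns` switch are hypothetical. The nameserver lookup is left out because it needs a DNS resolver module.

```perl
use strict;
use warnings;
use Email::Simple;
use Socket qw(inet_aton AF_INET);

# Constructed sample message; hosts and addresses are made up.
my $raw = <<'EOM';
Received: from mx.example.net (mx.example.net [198.51.100.7])
  by inbox.example.org with ESMTP id ABC123; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.com (unknown [203.0.113.45])
  by mx.example.net with SMTP id XYZ789; Mon, 01 Jan 2024 10:00:01 +0000
From: sender@example.com

body
EOM

# Each MTA prepends its Received line, so the first one added is last in the list.
sub first_received {
    my @received = $_[0]->header('Received');
    return @received ? $received[-1] : undef;
}

# Return the first valid dotted-quad IPv4 address in a header value, or undef.
sub extract_ipv4 {
    my ($header) = @_;
    return undef unless defined $header;
    while ($header =~ /\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b/g) {
        my @octets = ($1, $2, $3, $4);
        return join('.', @octets) unless grep { $_ > 255 } @octets;
    }
    return undef;
}

# "Base domain" as defined above: the last two labels of the hostname.
# Naive on purpose: "host.example.co.uk" yields "co.uk".
sub base_domain {
    my @labels = split /\./, lc $_[0];
    return @labels >= 2 ? join('.', @labels[-2, -1]) : $_[0];
}

my $ip = extract_ipv4(first_received(Email::Simple->new($raw)));
print "first Received IP: $ip\n";
print "base domain: ", base_domain('1234.my.example.domain.com'), "\n";

# The rDNS lookup needs network access, so it only runs when asked for.
if (@ARGV && $ARGV[0] eq '--rdns') {
    my $host = gethostbyaddr(inet_aton($ip), AF_INET);
    print defined($host) ? "rDNS: $host (base " . base_domain($host) . ")\n" : "no PTR record\n";
}
```

Every Received line below the one written by an MTA you control is supplied by the sending side and can be forged, so treat the extracted IP as a lead rather than proof of origin.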