Poco Forums

[Eric]

Eric,
Thanks. I hadn't noticed that "here" was a link.

You're welcome Scott.

The script returns 127.0.0.1. I have been using the first address in brackets, 67.15.196.12. I don't know enough to know what the difference is. If anyone has a [simple] explanation I would appreciate it.

127.0.0.1 = localhost
Default name describing the local computer address also known as the loopback address of the computer.
It means it's your own computer.

Edit: Removed WHOIS info

[FieldDir121]

Eric,

Thanks. It isn't so much as who the ip address belongs to as which one to use. The script seems to get the first address rather than the most recent (who actually sent it to me). I will have to figure out how to change that.

Scott

[Eric]

Eric,
Thanks. It isn't so much as who the ip address belongs to as which one to use.

My mistake, sorry.

The script seems to get the first address rather than the most recent (who actually sent it to me). I will have to figure out how to change that.

Maybe someone with more knowledge about scripts can help you sort it out.

[Michael]

Eric,

Thanks. It isn't so much as who the ip address belongs to as which one to use. The script seems to get the first address rather than the most recent (who actually sent it to me). I will have to figure out how to change that.

Scott

See the DisplayOriginatingIPAddress script from the extras area.

[FieldDir121]

Michael and Eric,

The comments in DisplayOriginatingIPaddress indicate it is intentionally displaying the oldest (originating) IPaddress for spam purposes. Not sure how well that would have worked since that can end up being the local network IPaddress.

I created a modified version that displays the most recent address, DisplayMostRecentIPaddress.

I looked through the scripts in the extras area again. I didn't notice any that copied anything from a message to a file but I could have easily missed them. If you know of any I would appreciate a referral to use as a starting point.

Scott

[ferent]

I created a modified version that displays the most recent address, DisplayMostRecentIPaddress.

Could you copy in that forum?

[Eric]

I looked through the scripts in the extras area again. I didn't notice any that copied anything from a message to a file but I could have easily missed them. If you know of any I would appreciate a referral to use as a starting point.

Couldn't find anything either, but maybe it's possible from within the script.

Good suggestion Alfredo.

Paste it between the Code tags.

Thanks in advance.

[FieldDir121]

The code is below. I tried using both spaces and tabs but they are all converted to a single space in the preview window. I can send the script as a file so that the indentations and comment spacing will be preserved. Every line is commented since I am still learning. Once I get more proficient the comments will be less prolific.

If the code fails to find the received line or the brackets it just goes on anyway. Error handling didn't seem worth it at this point. I may add it later when I finish the file handling portion.

I cleaned up the subject portion. DisplayOriginatingIPaddress truncated the last two characters from the subject. I also added single quotes around the subject (because I didn't know how to add double quotes). Also, I found the lower case L a bit confusing as it resembles a 1 in some fonts, so I changed it to a "z".

I included the square brackets because I like them. Also, my filter sees this: [192.168.1.1] differently than it sees this: 192.168.1.1. 192.168.1.1 can be anything from 192.168.1.10 to 192.168.1.19 and 192.168.1.100 to 192.168.1.199. The brackets restrict the address to a single value. Since this will be an automated extraction script I do not want to unintentionally include any addresses not specifically targeted. So far my false positive rate seems to be zero (0) in over six months.

[code]
{ DisplayMostRecentIPAddress - Version 1.00
{ Author: Scott Taylor - January, 19, 2006
{
{ Used DisplayOriginatingIPAddress - Version 1.00 as a starting point
{ Author: Michael Motek - July 27, 2001
{
{ Purpose: Extract the most recent IP address from the receive header to gather addresses used
{ by spam sources.
{
{ Method: The script finds the first (most recent) "Received" header of a message. The string in that
{ line bracketed by square brackets ("[" and "]") is reported along with the message subject.

ReadAllHeaders $headers %message { put entire header of current message into variable "$headers"
Set $MostRecentIPAddr "" { clear variable $MostRecentIPAddr
:RcvdLoop
LocateLine #z "Received:" $headers { finds the first occurance of "Received:" in $headers
If #z < 0 Then Done { done if not found, don't bother with error handling
GetLine $line #z $headers { put line number in $line
StringPos #z "[" $line { find opening bracket
If #z = 0 Then done { done if not found
Dec #z { decrement to leave opening bracket
ChopString $line 1 #z { delete characters before opening bracket
StringPos #z "]" $line { find closing bracket
If #z = 0 Then done { done if not found
Inc #z { increment to leave closing bracket
ChopString $line #z 9999 { delete everything after closing bracket
Set $MostRecentIPAddr $line
:Done

ReadHeader $subject "Subject:" %message { get subject line, put in variable $subject
Set $msg "The most recent IP address for message '" { put string in $msg
AddStrings $msg $subject "' was: " $MostRecentIPAddr { put strings together for display
MessageBox $msg { display message

[/code]

[FieldDir121]

For those interested in this topic, I have the ip address being saved to a file. The new address is being added to the beginning. Optional code to add it to the end is included but commented out.

I will post the final code after I test it a bit more. It only took a couple of lines to handle the file I/O.

I would like to be able to post the code with the [comment] spacing intact. If someone can tell me how to do that I would appreciate it.

Mostly this script will be run from a filter. I would also like to know how to run it from a button for messages I determine are spam that are not caught by the filter and end up in my mailbox.

Scott

[FieldDir121]

Eric,

I have a cleaned up version of DisplayMostRecentIpAddress with some minor error checking added. This can be tested by trying it on an outgoing message.

AddIPAdrToFile is also ready. I have it running automatically on messages my filters consider spam and have a button assigned to it for messages the filters didn't catch that I decide are spam.

What I need now is to know how to post code with spacing intact.

Scott

[Bruce]

You need to make sure that BBCode is On for your message.

[Eric]

What I need now is to know how to post code with spacing intact.

Scott, Bruce is right.
You need to enable BBCode in your Profile.

Also it's a good idea to post your script here, so other script guru's
can give you recommendations to make it even better.

[FieldDir121]

Here is the latest version of DisplayMostRecentIPAddress. Try it on an outgoing message to trigger the error handling. Not sure if an incoming message can ever not have a received address in brackets, but I added the code anyway.

Comments, suggestions and improvements are welcome.

Code: Select all

{  DisplayMostRecentIPAddress - Version 1.10
{  Author: Scott Taylor - January 20, 2006
{  V 1.10: Cleaned it up a bit and added minor error handling.
{
{  Used DisplayOriginatingIPAddress - Version 1.00 as a starting point
{  Author: Michael Motek - July 27, 2001
{
{  Purpose: Extract the most recent IP address from the receive header and display.
{
{  Method: The script finds the first (most recent) "Received" header of a message. The string in that
{  line bracketed by square brackets ("[" and "]") is reported along with the message subject.

ReadAllHeaders $headers %message     { put entire header of current message into variable "$headers"
Set $MostRecentIPAddr ""             { clear variable $MostRecentIPAddr
LocateLine #z "Received:" $headers   { finds the first occurance of "Received:" in $headers
If #z < 0 Then Skip                  { if not found say so
GetLine $line #z $headers            { put line number in $line
StringPos #z "[" $line               { find opening bracket
If #z = 0 Then Skip                  { if not found say so
Dec #z                               { decrement to leave opening bracket
ChopString $line 1 #z                { delete characters before opening bracket
StringPos #z "]" $line               { find closing bracket
If #z = 0 Then Skip                  { if not found say so
Inc #z                               { increment to leave closing bracket
ChopString $line #z 9999             { delete everything after closing bracket
Set $MostRecentIPAddr $line

ReadHeader $subject "Subject:" %message              { get subject line, put in variable $subject
Set $msg "The most recent IP address for message '"  { put string in $msg
AddStrings $msg $subject "' was: " $MostRecentIPAddr { put strings together for display
MessageBox $msg                      { display message
GoTo done

:Skip
Set $msg "Received IP Address not found" { insert error message
MessageBox $msg                          { display error message

:done


[FieldDir121]

Here is AddIPAddressToFile. I have had it running for a little over a day. It appears to work as expected both automatically when called by filters and manually when initiated with the button. Since it will run many times in a very short period, the message box portion was eliminated so operator attention wouldn't be required.

Comments, suggestions and improvements welcome.

Code: Select all

{  AddIPAdrToAdrFile - Version 1.00
{  Author: Scott Taylor - January 20, 2006
{
{  Used DisplayOriginatingIPAddress - Version 1.00 as a starting point
{  Author: Michael Motek - July 27, 2001
{
{  Purpose: Save IP addresses from spam e-mails to a file to use as a filter for future incoming e-mails.
{
{  Method: The script finds the first (most recent) "Received" header of a message. The string in that
{  line bracketed by square brackets ("[" and "]"), the IP address, is added to a file.

ReadAllHeaders $headers %message     { put entire header of current message into variable "$headers"
Set $MostRecentIPAddr ""             { clear variable $MostRecentIPAddr
LocateLine #z "Received:" $headers   { finds the first occurance of "Received:" in $headers
If #z < 0 Then Skip                  { skip adding new address if not found
GetLine $line #z $headers            { put line number in $line
StringPos #z "[" $line               { find opening bracket
If #z = 0 Then Skip                  { skip adding new address if not found
Dec #z                               { decrement to leave opening bracket
ChopString $line 1 #z                { delete characters before opening bracket
StringPos #z "]" $line               { find closing bracket
If #z = 0 Then Skip                  { skip adding new address if not found
Inc #z                               { increment to leave closing bracket
ChopString $line #z 9999             { delete everything after closing bracket
Set $MostRecentIPAddr $line          { this is a bit redundant but I like the string name

Set $FileName "..\SpamAddress.txt"   { use Pocomail main directory
{  Use the next three lines to add the new address to the beginning of the file.
OpenBody $ExistingAdrs $FileName              { get existing file contents
InsertLine $ExistingAdrs 1 $MostRecentIPAddr  { insert new address at the beginning of the file
SaveBody $ExistingAdrs $FileName              { Save updated list, overwritting the old file.

{  Use the next two lines to add the new address to the end of the file
{AppendToFile True                             { set to append rather than overwrite
{SaveBody $MostRecentIPAddr $FileName          { add new address to exsiting file
:Skip


[ferent]

I will try, I´m very interested in that!!