【问题标题】:Parsing email sending IP via last Received: from header解析通过 last Received: from header 发送 IP 的电子邮件
【发布时间】:2016-10-22 07:43:28
【问题描述】:

我希望利用 Received: from 标头解析电子邮件标头中的最后一个 IP 地址。我正在寻找最后收到的:来自标头并识别任何 IP。我下面的代码似乎不起作用,因为收到的“{}等”中有许多特殊字符。我也遇到了 ip 可能不在同一行的问题。有没有办法轻松识别电子邮件标头中的最后一个发送 IP,它可能位于单独的行中?

这是我最初使用的:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Text.RegularExpressions;
using System.Net;
using System.IO;

namespace IP
{
    class Program
    {
        static void Main(string[] args)
        {
            int counter = 0;
            string line;
            System.IO.StreamReader file =
                new System.IO.StreamReader("C:\\ip.txt");

            while ((line = file.ReadLine()) != null)
            {
                const string x_orig_ip = "Received: from";
                line = line.Trim();
                if (line.StartsWith(x_orig_ip, StringComparison.OrdinalIgnoreCase))
                {
                    string sIpAddress = line.Substring(x_orig_ip.Length, line.Length - x_orig_ip.Length).Trim(new char[] { ' ', '\t', '[', ']', '(', ')' });
                    var ipAddress = System.Net.IPAddress.Parse(sIpAddress);
                    Console.WriteLine(ipAddress);
                    counter++;
                }
            }

            Console.ReadLine();
        }
    }
}

所以从下面的标题中,我想通过最后收到的获取 101.123.148.12:来自条目:

Received: from test (subdomain.domain.com [192.168.0.1])
  Mon, 20 Jun 2016 10:46:57 -0400 (EDT)
Received: from test123 ([192.168.0.1])
  by test.test; Mon, 20 Jun 2016 10:46:57 -0400
Received: from test.engine.com (localhost [127.0.0.1])
  by test.testty.com (Postfix) with ESMTP id ABCDEF
  for <cpound@stackoverflow.com>; Sun, 19 Jun 2016 09:06:35 -0400 (EDT)
Received: from test.message.com (localhost [127.0.0.1])
    by from test.message.com (Authentication) with ESMTP
    Sun, 19 Jun 2016 09:06:35 -0400  
Authentication-Results: 
    spf=none smtp.mailfrom= smtp.helo
Received-SPF: none
    (192.168.0.1: No applicable sender policy available)
Received: from 192.168.0.1 (unknown [192.168.0.1])
  by with SMTP
Received: from unknown (HELO localhost)
  by 101.123.148.12 with ESMTPA; Sun, 19 Jun 2016 10:00:20 -0300
X-Originating-IP: 101.123.148.12
From: test@test.net
To: cpound@stackoverflow.com
Subject: Test
Date: Sun, 19 Jun 2016 09:56:41 -0300

【问题讨论】:

标签: c# email parsing


【解决方案1】:

你可以试试这个正则表达式:

var re = new RegEx(@"Received: (.|\n  )*([^\d](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))+", RegExOptions.Multiline);
var matches = re.Matches(headers);
if(matches.Count>0)
{
   var group = matches[matches.Count-1].Groups[3];
   string ip = group.Captures[group.Captures.Count-1].Value;
   // do something with ip...
}

其中 headers 是保存所有标题的字符串变量(不仅仅是一行)。

它会将 Received 标头中的所有 IP 地址提取到捕获组 3 中。获取最后一个匹配项的最后一个捕获以获得您想要的。

请注意,您通常不会考虑 101.123.148.12,因为没有标头表明消息是从 101.123.148.12 收到的,而是消息是由 收到的,这是完全不同的。

【讨论】:

    猜你喜欢
    • 2014-04-11
    • 2014-03-22
    • 2021-08-25
    • 1970-01-01
    • 2012-01-07
    • 2012-04-27
    • 2016-07-04
    • 2018-09-19
    相关资源
    最近更新 更多