From 635ba3e91b6eead24773e596d0cf487672a39195 Mon Sep 17 00:00:00 2001
From: Oliver Ladner <waste@lugh.ch>
Date: Thu, 12 Jan 2017 21:47:27 +0100
Subject: [PATCH] mail_get_sender_ip.sh: find (probably) original sender IP
 based on mail header

---
 mail_get_sender_ip.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100755 mail_get_sender_ip.sh

diff --git a/mail_get_sender_ip.sh b/mail_get_sender_ip.sh
new file mode 100755
index 0000000..06a9a16
--- /dev/null
+++ b/mail_get_sender_ip.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# Extracts the IP address from the first 'Received:' header
+dir="$1"
+
+if [ -z $dir ]; then
+	echo "Usage: $(basename $0) <path-to-mailbox>"
+	exit 1
+fi
+for spammail in $(find "$dir" -type f); do grep '^Received:' $spammail | tail -1; done | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'