[nflug] need idea

John Nichel john at kegworks.com
Mon Feb 20 09:47:34 EST 2006


Cyber Source wrote:
> Hello All,
>  I need an idea where I can find the originating IP of an email. I 
> monitor a lot of my clients' servers, etc. and I have the cron jobs and 
> such email me, which I have filters for and then sort them by who they 
> are so things are organized. I also like to be able to help my clients 
> out from time to time and ssh in to do things and I would like to not 
> have to tell them to do a /sbin/ifconfig or if they are behind a router, 
> to go to my web site and then I have a look at /var/log/httpd/access.
>  For most of my clients, if I look at the message headers of the cron 
> emails, I can see the IP and then use that to log in, mostly cable dhcp 
> clients. However, I am finding more and more dsl dhcp clients to be a 
> problem because not only do they change a lot (and normally not a problem 
> because each day has a new email) but when I look at the dsl clients 
> message headers I see something like this
> 
> Return-Path: <root at thecybersource.com>
> Received: from localhost.localdomain 
> (pool-71-251-164-250.bflony.east.verizon.net [71.251.164.250])
>     by thecybersource.com (8.13.1/8.13.1) with ESMTP id k1K9AHeL024738
> 
> If this were cable, the ip would be 71.251.164.250 but this does not 
> seem to work with dsl, it is not reporting the actual ip that the client 
> used when the box sent the email.
> 
> So, I am looking for a way to have a cron run or something on the box 
> that can send me a daily email showing the public ip they are using. I 
> initially thought of doing a cron that could do a traceroute but that 
> doesn't work either. I don't know if something has changed on routers 
> today to block such a process but when I use traceroute today, a lot of 
> it just times out with multiple ***.
>  Anyway, ideas anyone?

I don't think it's a DSL thing as to not sending the IP.  I'm on DSL 
here, and the headers for this email _should_ have :

Received: from static-129-44-255-58.buff.east.verizon.net (HELO 
?192.168.2.6?)
	(129.44.255.58)

192.168.2.6 being my internal IP, and 129.44.255.58 being our 
router/outside IP address.  I know what you're talking about though, I 
see quite a few come thru these days which don't report the originating 
IP; just the IP of the mail server.

I kind of do what you're talking about though.  At home, I'm on a 
dynamic IP, and I have our servers locked down to where they will only 
allow ssh connections from specific IPs.  It got to be a pain in the 
ass every time my IP changed at home and I had to come into the office 
just to change my home IP address.  I set up an email account on one of 
the servers that I can send an email to, and anytime mail hits that 
account, it triggers a shell script.  I have the script check certain 
'security' measures in the email, and if all is right, it will edit 
/etc/hosts.allow (not directly mind you...it edits a backup, then sudo's 
the backup over to /etc).  I'm running qmail on that box, but I'm sure 
most modern mail servers will allow you to trigger a script.

.qmail-theaddress
 >> |/usr/local/bin/script_to_parse_email
 >> |/usr/bin/vdeliver

-- 
John C. Nichel IV
Programmer/System Admin (ÜberGeek)
Dot Com Holdings of Buffalo
716.856.9675
jnichel at dotcomholdingsofbuffalo.com
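
An added example, not part of the original post and not the poster's script: one way a mail-triggered handler like the one described above could check a request before producing an /etc/hosts.allow entry. The post does not say what its 'security' measures are, so the `ip=`/`ts=`/`mac=` body format, the shared secret, the HMAC-SHA256 check and the five-minute window are all assumptions; headers such as From and Received can be forged, so nothing is taken from them.

```python
import hashlib
import hmac
import ipaddress
import time
from email import message_from_string

SECRET = b"constructed-demo-secret"  # assumption: shared secret known to both ends
MAX_AGE = 300                        # assumption: request is valid for 5 minutes

def sign(ip, ts, secret=SECRET):
    """HMAC-SHA256 over 'ip|timestamp', hex encoded (hypothetical request format)."""
    return hmac.new(secret, f"{ip}|{ts}".encode(), hashlib.sha256).hexdigest()

def parse_request(raw, now=None, secret=SECRET):
    """Return a hosts.allow line for a valid request, or None to reject it."""
    now = time.time() if now is None else now
    body = message_from_string(raw).get_payload()
    if not isinstance(body, str):            # multipart mail: reject outright
        return None
    pairs = (l.split("=", 1) for l in body.splitlines() if "=" in l)
    fields = {k.strip(): v.strip() for k, v in pairs}
    try:
        ip = ipaddress.ip_address(fields["ip"])
        ts = int(fields["ts"])
        mac = fields["mac"]
    except (KeyError, ValueError):
        return None
    # Constant-time comparison; the MAC binds the address to the timestamp.
    if not hmac.compare_digest(mac.encode(), sign(str(ip), ts, secret).encode()):
        return None
    if abs(now - ts) > MAX_AGE:              # stale or replayed later: reject
        return None
    if ip.version != 4 or not ip.is_global:  # never allow-list private ranges
        return None
    return f"sshd: {ip}"

def demo():
    """Constructed request using the router address quoted in the post."""
    ts = 1140446854                          # constructed timestamp
    raw = (f"Subject: allow\n\nip=129.44.255.58\nts={ts}\n"
           f"mac={sign('129.44.255.58', ts)}\n")
    return parse_request(raw, now=ts + 10)

if __name__ == "__main__":
    print(demo())
```

The function only returns the line; writing it to a staging copy and installing it over /etc/hosts.allow, as the post describes, is left to the caller.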