[nflug] need idea

Nate Byrnes nate at qabal.org
Mon Feb 20 09:59:08 EST 2006 

How about matching the message id in your mail logs to see what the 
hostname or IP of the sender was. If using sendmail grep 
/var/log/maillog (or your configured location) for the message id from 
the email header. The last entry in the brackets should be the system 
which passed the email to your mailserver. Hope this helps.

Cyber Source wrote:
> Darin Perusich wrote:
>> why not just have the cron job that runs email you the info from 
>> ifconfig? assuming that your clients are using unix routes then 
>> "ifconfig -a |mail peter at thecybersource.com" should send you that 
>> info your looking for.
>>
>> Cyber Source wrote:
>>> Hello All,
>>> I need an idea where I can find the originating IP of an email. I 
>>> monitor alot of my clients servers, etc. and I have the cron jobs 
>>> and such email me, which I have filters for and then sort them by 
>>> who they are so things are organized. I also like to be able to help 
>>> my clients out from time to time and ssh in to do things and I would 
>>> like to not have to tell them to do a /sbin/ifconfig or if they are 
>>> behind a router, to go to my web site and then I have a look at 
>>> /var/log/httpd/access.
>>> For most of my clients, if I look at the message headers of the cron 
>>> emails, I can see the IP and then use that to log in, mostly cable 
>>> dhcp clients. However, I am finding more and more dsl dhcp clients 
>>> to be a problem because not only do they change alot (and normally 
>>> not a problem because each day has a new email) but when I look at 
>>> the dsl clients message headers I see something like this
>>>
>>> Return-Path: <root at thecybersource.com>
>>> Received: from localhost.localdomain 
>>> (pool-71-251-164-250.bflony.east.verizon.net [71.251.164.250])
>>> by thecybersource.com (8.13.1/8.13.1) with ESMTP id k1K9AHeL024738
>>>
>>> If this were cable, the ip would be 71.251.164.250 but this does not 
>>> seem to work with dsl, it is not reporting the actual ip that the 
>>> client used when the box sent the email.
>>>
>>> So, I am looking for a way to have a cron run or something on the 
>>> box that can send me a daily email showing the public ip they are 
>>> using. I initially thought of doing a cron that could do a 
>>> traceroute but I that doesnt work either. I don't know if something 
>>> has changed on routers today to block such a process but when I use 
>>> traceroute today, alot of it just times out with multiple ***.
>>> Anyway, ideas anyone?
>>> _______________________________________________
>>> nflug mailing list
>>> nflug at nflug.org
>>> http://www.nflug.org/mailman/listinfo/nflug
>>
> That doesnt help when they are behind routers, it only shows the 
> internal stuff, I need to know the public IP.
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>
> !DSPAM:43f9d66b47272099511928!
>
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug

More information about the nflug mailing list