[Mimedefang] Real sender address ??
David F. Skoll
dfs at roaringpenguin.com
Thu Dec 4 08:25:40 EST 2003
On Thu, 4 Dec 2003, Steffen Kaiser wrote:
> As David already lined out, it makes no sense to find the _first_
> Received: Header (because all these headers are inserted by the sender
> and are possibly fakes), but the first entry you know is good.
Actually, you can trust any Received: header that was inserted by a machine
you control or trust.
You also have to watch out for machines that use a (sometimes bogus) IP
address in their HELO string; this can make parsing the Received: headers
tricky.
I looked at several hundred e-mails to tune my regular expressions to pick
out the proper address under any situation I encountered.
Regards,
David.
More information about the MIMEDefang
mailing list