#!/usr/bin/perl
# Rik Farrow, 04/22/04
# NOTE:  On Redhat 8 and 9, must use export LANG=en_us; scriptname
# or pattern matching fails when UTF8 characters encountered.
# find first Received line in each spam, output only the domain name
# resolved by my own server (found in front of [square brackets],
# and within (parentheses), as in 
# Received: from adsl-68-74-0-203.dsl.sfldmi.ameritech.net (adsl-68-74-0-203.dsl.sfldmi.ameritech.net [68.74.0.203])
# Spammassassin may resend spam internally, making the sender localhost,
# so the script looks for the next Received line in that case.

$file=0;
File: while ( $file++ < 28390 ) {
	open(SPAM, "$file") || die "Could not open $file";
	SA: while (<SPAM>) {
		if (m/^Received/)  { 
			next SA if /localhost/;  # if Spamassassin caught 
			$received = $_;		 # this, go for next Rcvd
			close(SPAM); 
		}
	}
	$_ = $received;
	next File if /unknown/;
	($first, $second) = split /\(/; # $received
	($domain, $first) = split / /, $second;
	@parts = split /\./, $domain;
	if ( length $parts[-1] == 2 ) { # two letter country domain
		print  $parts[-3], ".", $parts[-2], ".", $parts[-1], "\n";
	} else {
		print  $parts[-2], ".", $parts[-1], "\n";
	}
}