Anant Kumar
2021-02-18 13:14:46
The Graph API response looks something similar to the following and the Authentication-Results gives me the relevant origin Sender IP -
{
"@odata.context":"<some-value>",
"@odata.etag":"<some-value>",
"id":"<some-value>",
"internetMessageHeaders":[
{
"name":"MIME-Version",
"value":"1.0"
},
{
"name":"Content-Type",
"value":"multipart/report"
},
{
"name":"x-custom-header-group-name",
"value":"Washington"
},
{
"name":"x-custom-header-group-id",
"value":"WA001"
},
{
"name":"Receiver",
"value":"<some-ip>"
},
{
"name":"Receiver",
"value":"<some-ip>"
},
{
"name":"Authentication-Results",
"value":"spf=pass (sender ip is <some-ip>)...,"
}
]
}
Now, all you need is a regex to extract -
- Get the value present in
Authentication-Results - Use the Regex -
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}to extract IP, use the first occurence of the match with regex.