#!/bin/bash # Script by Francisco Lobo, #+ and slightly modified and commented by ABS Guide author. # Used in ABS Guide with permission. (Thank you!) # This script will not run under Bash versions -lt 3.0. E_MISSING_ARG=87 if [ -z "$1" ] then echo "Usage: $0 mailbox-file" exit $E_MISSING_ARG fi mbox_grep() # Parse mailbox file. { declare -i body=0 match=0 declare -a date sender declare mail header value while IFS= read -r mail # ^^^^ Reset $IFS. # Otherwise "read" will strip leading & trailing space from its input. do if [[ $mail =~ ^From ]] # Match "From" field in message. then (( body = 0 )) # "Zero out" variables. (( match = 0 )) unset date elif (( body )) then (( match )) # echo "$mail" # Uncomment above line if you want entire body #+ of message to display. elif [[ $mail ]]; then IFS=: read -r header value <<< "$mail" # ^^^ "here string" case "$header" in [Ff][Rr][Oo][Mm] ) [[ $value =~ "$2" ]] && (( match++ )) ;; # Match "From" line. [Dd][Aa][Tt][Ee] ) read -r -a date <<< "$value" ;; # ^^^ # Match "Date" line. [Rr][Ee][Cc][Ee][Ii][Vv][Ee][Dd] ) read -r -a sender <<< "$value" ;; # ^^^ # Match IP Address (may be spoofed). esac else (( body++ )) (( match )) && echo "MESSAGE ${date:+of: ${date[*]} }" # Entire $date array ^ echo "IP address of sender: ${sender[1]}" # Second field of "Received" line ^ fi done < "$1" # Redirect stdout of file into loop. } mbox_grep "$1" # Send mailbox file to function. exit $? # Exercises: # --------- # 1) Break the single function, above, into multiple functions, #+ for the sake of readability. # 2) Add additional parsing to the script, checking for various keywords. $ mailbox_grep.sh scam_mail MESSAGE of Thu, 5 Jan 2006 08:00:56 -0500 (EST) IP address of sender: 196.3.62.4