dru145 has asked for the wisdom of the Perl Monks concerning the following question:


I've been away from the game awhile writing some crappy policies and what not, so I'm a bit rusty. I need help with a script that I use to lookup email addresses via whois. The people at APNIC are quite upset at me. When a whois query is performed for an IP such as: 202.60.248.84 this is what is returned:

    inetnum      202.60.224.0 - 202.60.251.255
    netname      CYBEREC-HK
    descr        Cyber Express Communication Ltd.
    descr        Internet Services Provider
    descr        Broadband Internet Access Service
    country      HK
    admin-c      PC2-AP, inverse
    tech-c       PC2-AP, inverse
    mnt-by       APNIC-HM, inverse
    mnt-lower    MAINT-HK-CYBEREC, inverse
    changed      hostmaster@apnic.net 20000405
    source       APNIC

    person       Peter Chow, inverse
    address      Cyber Express Communication Ltd.
    address      Room 3, 7/F, Perfect Ind. Building
    address      31 Tai Yau Street, Sanpokong, Kowloon
    country      HK
    phone        +852-2353-1445
    fax-no       +852-2353-1105
    e-mail       hkptc@cyberec.com, inverse
    nic-hdl      PC2-AP, inverse
    mnt-by       MAINT-HK-CYBEREC, inverse
    changed      hkptc@cyberec.com 20000407
    source       APNIC

My script captures the first email address, which works about 90% of the time, but I don't want it to capture hostmaster@apnic.net, but rather the second one. I would like to have a list of email addresses in an array that are ignored, but I'm not quite sure how to do it. It would also be nice if I could capture the second email instead. I was messing around with last and next, but I don't believe these will work because this is not a while loop.

Here is the script:
    #!/usr/bin/perl -w
    use strict;

    my $arin="/usr/bin/whois -h whois.arin.net";
    my $ripe="/usr/bin/whois -h whois.ripe.net";
    my $apnic="/usr/bin/whois -h whois.apnic.net";
    my $krnic="/usr/bin/whois -h whois.krnic.net";
    my $email;
    my $domain;
    my $result;

    my $ips = "203.197.64.42";
    whois($ips);

    sub whois{
        my $ip = $_[0];
        $result = `$arin $ip`;
        if ($result =~ m/European Regional Internet Registry/){
            $result = `$ripe $ip`;
            if (match()){
            } #close if match
        } #close if result
        elsif ($result =~ m/Asia Pacific Network Information Center/){
            $result = `$apnic $ip`;
            if ($result =~ m/hostmaster\@apnic.net/){
                last;
            }#end if
            if ($result =~ m/Allocated to KRNIC Member/){
                $result = `$krnic $ip`;
            } #end KRNIC match
            if (match()){
            } #end if match
        } #end elsif
        elsif (handles($arin)){
            if (match()) {
            } #end if match
        } #end elsif
        elsif (($email, $domain) = $result =~ m/([-.\w]+)(\@[-.\w]+)/) {
            print "The 1st email address is: $email$domain\n";
            print "Email will also be sent to: abuse$domain\n";
        } #end elsif
        else {
            print "Can not perform a whois query for $ip\n";
        } #end else
    } #close whois sub

    ###############
    # Subroutines #
    ###############

    # whois: Obtain an email address from a whois query
    #
    sub match {
        ($email, $domain) = $result =~ m/([-.\w]+)(\@[-.\w]+)/;
        print "The 1st email address is: $email$domain\n";
        print "Email will also be sent to: abuse$domain\n";
    } #end sub match

    # handles: Obtain the handles from a whois query
    #
    sub handles {
        my $registry = $_[0];
        $result =~ m/xxx/;
        my @handle = $result =~ m/\((.*?)\)/g;
        $result = `$registry $handle[1]`;
    } #end handles

I know the regex to capture the email address is not going to work 100% of the time, but it hasn't failed me yet.

TIA

-Dru

Replies are listed 'Best First'.
Re: How to Ignore an email address with this script.
by frankus (Priest) on Nov 16, 2001 at 23:04 UTC

    How about Procmail?... Ah, you want to mung data from whois :)

    /me hopes the names, phone numbers etc. have been changed to protect the innocent.

    OK, I'll profess to only understanding a little of why you're posting this, is it a CUFP?,
    it'd really help us and your future self to use comments to describe the process being
    undertaken and indent subroutines too, okay lecture over, sorry if you didn't need to hear it ;)


    I've altered the code to make it fit in a smaller space and hopefully be more legible,
    I've trimmed the logic processes, but not tested it, so it's clearer to me and anyone who follows: what it is you're doing:

    #!/usr/bin/perl -w
    use strict;

    my $arin="/usr/bin/whois -h whois.arin.net";
    my $ripe="/usr/bin/whois -h whois.ripe.net";
    my $apnic="/usr/bin/whois -h whois.apnic.net";
    my $krnic="/usr/bin/whois -h whois.krnic.net";
    my $result;    # Think about passing these as params

    my $ips = "203.197.64.42";
    whois($ips);

    sub whois{
        my $ip = shift;
        $result = `$arin $ip`;
        if ($result =~ m/European Regional Internet Registry/){
            $result = `$ripe $ip`;
        }
        elsif ($result =~ m/Asia Pacific Network Information Center/){
            $result = `$apnic $ip`;
            if($result !~ m/hostmaster\@apnic.net/){
                $result = `$krnic $ip` if $result =~ m/Allocated to KRNIC Member/;
            }
        }
        else { handles($arin) }
        print "Can not perform a whois query for $ip\n" unless match();
    }

    sub match {
        my ($email, $domain) = $result =~ m/([-.\w]+)(\@[-.\w]+)/;
        print "The 1st email address is: $email$domain\n";
        print "Email will also be sent to: abuse$domain\n";
    }

    sub handles {    # Obtain the handles from a whois query
        my $registry = shift;
        $result =~ m/xxx/;                        # Seems to do nothing.
        my @handle = $result =~ m/\((.*?)\)/g;    # Create array to get second match.
        $result = `$registry $handle[1]`;
    }

    --

    Brother Frankus.

    ¤

(sacked) Re: How to Ignore an email address with this script.
by sacked (Hermit) on Nov 17, 2001 at 00:53 UTC
    If you don't want to parse the email address yourself, visit CPAN and fetch Net::ParseWhois.
    #!/usr/bin/perl -w
    use strict;
    use Net::ParseWhois;    # also see Net::Whois

    my $dom = 'domain.com';
    my $w = Net::ParseWhois::Domain->new($dom);
    unless ($w->ok) {
        warn "error: " . $w->{'error'} . "\n" if $w->{'error'};
        die "No whois match for $dom\n";
    }

    my $c = $w->contacts;    # or BILLING or TECHNICAL
    my $email = (split / / => $c->{ADMINISTRATIVE}[0])[-1];
    unless ( index( $email, '@' ) > -1 ) {
        ($email = $c->{ADMINISTRATIVE}[-1]) =~ s/^Email: //;
    }
    print "administrative email address: $email\n";

    --sacked
      sacked,

      Thanks for the suggestion, but neither Net::Whois nor Net::ParseWhois can retrieve records by IP address, which is what I need to do. I failed to mention that this script is part of a larger script that parses firewall log files for dropped traffic, creates an abuse email from a template, obtains the email address (from the above code), includes a snippet of log file for evidence, and sends it on its merry way. It has been working really well except for this little issue. I would post the entire script, but it is 300 lines long and I've learned if you post too much code to perlmonks, most monks won't reply.

      -Dru
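
An added example, not code from anyone in the thread: one way to build the ignore list the question asks for, collecting every address in a whois reply and dropping the registry-owned ones so the first survivor is the real contact. Since the last reply says the IPs come from firewall log files, it also validates the IP and runs whois through a list-form pipe open rather than backticks; the ignore-list contents, the function names and the sample lines are assumptions of this example.

```perl
use strict;
use warnings;

# Registry-owned addresses that must never receive a report (assumed list).
my %ignore = map { lc($_) => 1 } qw(hostmaster@apnic.net);

# Every address in a whois reply, in order, minus ignored ones and duplicates.
sub contact_emails {
    my ($text) = @_;
    my (%seen, @keep);
    for my $match ($text =~ m/([-.\w]+\@[-.\w]+)/g) {
        (my $addr = $match) =~ s/\.+\z//;    # drop trailing sentence dots
        next if $ignore{lc $addr} or $seen{lc $addr}++;
        push @keep, $addr;
    }
    return @keep;
}

# Accept only a dotted-quad IPv4 address; log-derived input is untrusted.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip and $ip =~ m/\A(?:[0-9]{1,3}\.){3}[0-9]{1,3}\z/;
    return 0 if grep { $_ > 255 } split /\./, $ip;
    return 1;
}

# Runs whois with no shell, so $ip is one argv element. Not called below (offline demo).
sub whois_query {
    my ($server, $ip) = @_;
    die "not an IPv4 address\n" unless valid_ipv4($ip);
    open(my $fh, '-|', '/usr/bin/whois', '-h', $server, $ip)
        or die "cannot run whois: $!\n";
    local $/;
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

# Sample input: three lines taken from the APNIC reply quoted in the question.
my $sample = <<'END';
changed      hostmaster@apnic.net 20000405
e-mail       hkptc@cyberec.com, inverse
changed      hkptc@cyberec.com 20000407
END

my @emails = contact_emails($sample);
die "no usable contact address\n" unless @emails;
my ($domain) = $emails[0] =~ m/(\@.+)\z/;
print "Report goes to: $emails[0]\nCopy goes to:   abuse$domain\n";
```

In the larger script, `contact_emails(whois_query('whois.apnic.net', $ip))` would replace the backtick call and the single-match regex.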