Tue, 28 Jun 2005

Extracting IPs of mail relays sending to non-existent addresses
This should read a sendmail maillog and produce a list of relay IP addresses which have caused a 550 error (usually invalid recipient address) three or more times over the timespan of the logfile.

grep "reject=550" maillog | awk -F "[" '{print $3}' | sed -e 's/\].*//' | sort | uniq -c | awk '{ if ($1 >= 3) print $2}'

Step 2: make it into a DNS zone for use as a DNSBL.
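One way to carry out both steps, as an added example that is not the post's own code: the extraction is tightened to accept only a dotted-quad IPv4 address from the relay= field, and each offending address is written out reversed with the conventional 127.0.0.2 answer. The zone name, name server, SOA timers and log lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not the post's own code. ZONE, NS_HOST and the log lines in
# sample_log are constructed placeholders.
ZONE="dnsbl.example.invalid"
NS_HOST="ns.example.invalid"

# stdin: sendmail maillog. stdout: relay IPv4 addresses that appear in at least
# $1 (default 3) "reject=550" lines. Matching the dotted quad inside
# relay=...[ip] skips IPv6 relays and anything that is not an address.
relays_550() {
    grep 'reject=550' |
    sed -n 's/.*relay=[^,]*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*/\1/p' |
    sort | uniq -c |
    awk -v min="${1:-3}" '$1 >= min { print $2 }'
}

# stdin: one IPv4 address per line. $1: zone serial. stdout: a BIND-style zone
# in which a.b.c.d is listed as d.c.b.a with the conventional 127.0.0.2 answer.
dnsbl_zone() {
    printf '$ORIGIN %s.\n$TTL 3600\n' "$ZONE"
    printf '@ IN SOA %s. hostmaster.%s. ( %s 3600 900 604800 3600 )\n' \
        "$NS_HOST" "$ZONE" "$1"
    printf '@ IN NS %s.\n' "$NS_HOST"
    awk -F. 'NF == 4 && $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
        printf "%s.%s.%s.%s IN A 127.0.0.2\n", $4, $3, $2, $1
    }'
}

# Constructed maillog excerpt: three 550s from 192.0.2.10, two from
# 198.51.100.7, one from 203.0.113.5, and one 451 that must not be counted.
sample_log() {
    cat <<'EOF'
Jun 28 04:02:11 mx sendmail[2101]: j5S82B01: ruleset=check_rcpt, arg1=<a@example.org>, relay=h1.example.net [192.0.2.10], reject=550 5.1.1 <a@example.org>... User unknown
Jun 28 04:02:12 mx sendmail[2101]: j5S82B01: ruleset=check_rcpt, arg1=<b@example.org>, relay=h1.example.net [192.0.2.10], reject=550 5.1.1 <b@example.org>... User unknown
Jun 28 04:02:13 mx sendmail[2101]: j5S82B01: ruleset=check_rcpt, arg1=<c@example.org>, relay=h1.example.net [192.0.2.10], reject=550 5.1.1 <c@example.org>... User unknown
Jun 28 05:10:40 mx sendmail[2155]: j5S9Ae02: ruleset=check_rcpt, arg1=<d@example.org>, relay=[198.51.100.7], reject=550 5.1.1 <d@example.org>... User unknown
Jun 28 05:10:41 mx sendmail[2155]: j5S9Ae02: ruleset=check_rcpt, arg1=<e@example.org>, relay=[198.51.100.7], reject=550 5.1.1 <e@example.org>... User unknown
Jun 28 06:30:02 mx sendmail[2203]: j5SAU203: ruleset=check_rcpt, arg1=<f@example.org>, relay=h3.example.net [203.0.113.5], reject=550 5.1.1 <f@example.org>... User unknown
Jun 28 07:00:00 mx sendmail[2250]: j5SB0004: ruleset=check_mail, arg1=<x@nowhere.invalid>, relay=h1.example.net [192.0.2.10], reject=451 4.1.8 Domain of sender address x@nowhere.invalid does not resolve
EOF
}

sample_log | relays_550 3 | dnsbl_zone 2005062801
```

With the sample log only 192.0.2.10 reaches the threshold of three, so the zone contains a single entry, 10.2.0.192. The generated file can be checked with named-checkzone before it is loaded.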