Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

petdance (2468)

petdance
  andy@petdance.com
http://www.perlbuzz.com/
AOL IM: petdance (Add Buddy, Send Message)
Yahoo! ID: petdance (Add User, Send Message)
Jabber: petdance@gmail.com

I'm Andy Lester, and I like to test stuff. I also write for the Perl Journal, and do tech edits on books. Sometimes I write code, too.

Journal of petdance (2468)

Monday December 29, 2003
09:35 PM

Log mangling script #4,308

[ #16546 ]
Today I cranked out this one to analyze my Postfix log to see who's been spamming me, or at least sending to non-existent addresses:

#!/usr/bin/perl -w

use strict;

my %count;
my %ips;

while (<>) {
    next unless
        /reject:\sRCPT\sfrom\s
            ([^[]+)     # Host name
            \[          # open bracket
            ([^]]+)     # IP addr
            \]          # Closing bracket
        /x;

    my ($host,$ip) = ($1,$2);

    $ips{$host}->{$ip}++;
    ++$count{$host};
}

for my $host ( reverse sort { $count{$a} <=> $count{$b} } keys %ips ) {
    my $ips = $ips{$host};
    my @ips;
    for my $ip ( sort keys %$ips ) {
        my $str = $ip;
        $str .= " ($ips->{$ip})" if $ips->{$ip} > 1;
        push @ips, $str;
    }
    printf( "%5d %s: %s\n", $count{$host}, $host, join( ", ", @ips ) );
}

which then spews out stuff like

   29 unknown: 12.13.183.118 (3), 149.2.82.131, 194.2.162.233 (4), 195.19.7.12 (4), 200.30.30.3 (6), 207.107.230.2, 209.113.209.251, 209.217.53.78, 213.136.114.45, 213.171.58.74, 218.80.107.179, 66.9.236.226 (3), 81.176.96.138 (2)
   22 rcpt-expgw.biglobe.ne.jp: 202.225.89.163 (3), 202.225.89.169 (4), 202.225.89.178 (4), 202.225.89.181 (8), 202.225.89.197 (3)
    6 gw1.cox.com: 206.157.230.254 (6)
    5 mars.the-fa.org: 213.208.88.211 (5)
    4 athene-alt0.heanet.ie: 193.1.219.94 (4)
    4 pluton.alcotra.ch: 194.38.177.82 (4)
    4 mail6.bluewin.ch: 195.186.4.229 (4)
    3 mailscanner2.comtrol.com: 204.73.219.79 (3)
    3 badboy.mail.pas.earthlink.net: 207.217.120.20 (3)
    3 zux221-017-062.adsl.green.ch: 81.221.17.62 (3)

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.