
List all sender, receiver addresses for successful relay IPs

(2024-11-22)

mkdir tmp.$$
cd tmp.$$
for z in /var/log/maillog ; do
  # field 6 of every stat= line is the message transaction ID (trailing colon included)
  for i in $(grep stat= "$z" | awk '{print $6}' | sort -u) ; do
    echo "$i"
    # collect that transaction's Hello, MAIL FROM and RCPT TO lines into a file named after the ID
    grep -F "$i" "$z" | grep -Ei 'Hello|rcpt to|mail from' > "$i"
  done
done
mkdir ../out.$$
for j in * ; do
  # the client IP is the bracketed address at the end of the Hello line
  IP=$(grep Hello "$j" | sed -e 's/^.*\[//' -e 's/\].*$//')
  [ -n "$IP" ] || continue   # no Hello line: nothing to attribute the addresses to
  grep -i from: "$j" | sed -e 's/^.*FROM:/FROM:/' >> "../out.$$/$IP"
  grep -i to: "$j"   | sed -e 's/^.*TO:/TO:/'     >> "../out.$$/$IP"
done
cd ../out.$$
for x in * ; do
  sort -u -o "$x" "$x"   # deduplicate each per-IP file in place
done

Now you have a bunch of files named for IP addresses. Each one contains a list of all senders and all recipients for that IP address. This should be enough to get an idea of who is using this IP address to relay mail through your system.
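The same grouping as an added Python example, not part of the original note, run over a constructed maillog excerpt (hosts, transaction IDs and addresses are invented); the sent_only switch is an addition that restricts the report to stat=Sent transactions, which is what a successful relay means, and transactions without a Hello line or without a stat= line are dropped the way the script would skip them.

```python
import re
from collections import defaultdict

# Constructed sample maillog excerpt laid out the way the script above expects: field 6 of a
# "stat=" line is the transaction ID (trailing colon included), the "Hello" line ends with the
# client IP in [brackets], MAIL FROM:/RCPT TO: lines carry the addresses. Everything is made up.
SAMPLE_LOG = """\
Nov 22 10:00:01 mx sendmail[4101]: 4AM8x1A1004101: Hello mail.example.net [192.0.2.10]
Nov 22 10:00:01 mx sendmail[4101]: 4AM8x1A1004101: MAIL FROM:<alice@example.net>
Nov 22 10:00:01 mx sendmail[4101]: 4AM8x1A1004101: RCPT TO:<bob@example.org>
Nov 22 10:00:02 mx sendmail[4102]: 4AM8x1A1004101: to=<bob@example.org>, relay=example.org., dsn=2.0.0, stat=Sent
Nov 22 10:01:10 mx sendmail[4110]: 4AM8y2B1004110: Hello mail.example.net [192.0.2.10]
Nov 22 10:01:10 mx sendmail[4110]: 4AM8y2B1004110: MAIL FROM:<alice@example.net>
Nov 22 10:01:10 mx sendmail[4110]: 4AM8y2B1004110: RCPT TO:<carol@example.com>
Nov 22 10:01:11 mx sendmail[4111]: 4AM8y2B1004110: to=<carol@example.com>, relay=example.com., dsn=2.0.0, stat=Sent
Nov 22 10:02:30 mx sendmail[4120]: 4AM8z3C1004120: Hello unknown [198.51.100.7]
Nov 22 10:02:30 mx sendmail[4120]: 4AM8z3C1004120: MAIL FROM:<spam@bad.example>
Nov 22 10:02:30 mx sendmail[4120]: 4AM8z3C1004120: RCPT TO:<dave@example.org>
Nov 22 10:02:31 mx sendmail[4121]: 4AM8z3C1004120: to=<dave@example.org>, relay=example.org., dsn=5.1.1, stat=User unknown
Nov 22 10:03:00 mx sendmail[4130]: 4AM8w4D1004130: Hello other.example [203.0.113.5]
Nov 22 10:03:00 mx sendmail[4130]: 4AM8w4D1004130: MAIL FROM:<eve@example.com>
"""

IP_RE = re.compile(r"\[([^\]]+)\]\s*$")   # last [...] on the line, like the greedy sed above
ADDR_RE = re.compile(r"(FROM|TO):(\S+)", re.IGNORECASE)

def relay_report(log_text, sent_only=False):
    """Return {ip: {"from": set, "to": set}} for every transaction that reached a stat= line.
    sent_only=True additionally requires stat=Sent; the original script does not filter on status."""
    lines = log_text.splitlines()
    ids = set()
    for line in lines:
        fields = line.split()
        if "stat=" in line and len(fields) > 5 and (not sent_only or "stat=Sent" in line):
            ids.add(fields[5].rstrip(":"))
    report = defaultdict(lambda: {"from": set(), "to": set()})
    for qid in ids:
        txn = [l for l in lines if f" {qid}: " in l]   # whole ID token, not a substring match
        ip = None
        for l in txn:
            if "Hello" in l and (m := IP_RE.search(l)):
                ip = m.group(1)
        if ip is None:   # no Hello line: nothing to attribute the addresses to
            continue
        for l in txn:
            m = ADDR_RE.search(l)
            if m:
                report[ip][m.group(1).lower()].add(m.group(2).strip("<>"))
    return dict(report)
```

relay_report(SAMPLE_LOG) returns the per-IP sender and recipient sets that the script writes out as one file per IP.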