Associating From Addresses To Inbound IP Addresses
Problem
I want to know what the smtp "From" addresses are for the IP addresses relaying email through my system.Hacky Solution
mkdir 1 2 3 output
# dir 1 contains one file for each smtp transaction
for i in `grep stat=Sent /var/log/maillog | awk '{print $6}' | sed -e 's/://' | sort` ; do echo -n .; grep $i /var/log/maillog > 1/$i; done
# dir 2 contains plausible sender address strings for each IP address
for i in `grep Hello 1/* | sed -e 's/^.* [//' -e 's/].*$//' | sort -V -u` ; do echo $i ; for j in `grep -l $i 1/*` ; do grep -i From $j >> 2/$i ; done ;done
# dir 3 contains just email addresses for each IP address
cd 2
for i in * ; do sed -e 's/^.*<//' -e 's/>.*$//' < $i >> ../3/$i ; done
# dir output contains a unique sorted list of teh email address strings.
# the "grep" expression lets you trim off the smtp transaction ID that will also be in these files.
cd ../3
for i in * ; do grep -v relay.mydomain.com $i | sort -u > ../output/$i ; doneYes
It's ugly. There's no problem I can't make ugly and unnecessarily complicated.
no comments |
post comment
Virtual Dave Megaplex:
Home Page- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
Check Internet Service Database Match- Device-Local Certificate Expired
- CLI Policy Lookup
- DH Selection For IPsec VPNs
- Scan For Newly Added Disk
- nmap
- Seconds Since Epoch to Local Time
- Link Monitor
- DH group to OAKLEY_GROUP table
- Fire Eater
- start
- FortiClient Error Codes
- dhparams Generation
- SSL Certificate Bundles
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.