Problem
I want to know what the SMTP "From" addresses are for the IP addresses relaying email through my system.
Hacky Solution
mkdir 1 2 3 output
# dir 1 contains one file for each smtp transaction
for i in $(grep stat=Sent /var/log/maillog | awk '{print $6}' | sed -e 's/://' | sort -u) ; do echo -n . ; grep "$i" /var/log/maillog > "1/$i" ; done
# dir 2 contains plausible sender address strings for each IP address
for i in $(grep Hello 1/* | sed -e 's/^.* \[//' -e 's/].*$//' | sort -V -u) ; do echo "$i" ; for j in $(grep -lFw "$i" 1/*) ; do grep -i From "$j" >> "2/$i" ; done ; done
# dir 3 contains just email addresses for each IP address
cd 2
for i in * ; do sed -e 's/^.*<//' -e 's/>.*$//' < $i >> ../3/$i ; done
# dir output contains a unique sorted list of the email address strings.
# The "grep" expression lets you trim off the SMTP transaction ID that will also be in these files.
cd ../3
for i in * ; do grep -v relay.mydomain.com $i | sort -u > ../output/$i ; done
Yes
It's ugly. There's no problem I can't make ugly and unnecessarily complicated.
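A single-pass alternative to the loops above, added here as an example and not the author's code. It assumes stock sendmail log lines, where the receive line carries both from=<sender> and relay=host [ip], instead of the "Hello" lines the loops grep for; the sample log lines are constructed.

```shell
#!/bin/sh
# senders_by_ip [LOGFILE]: print "client-IP envelope-sender" pairs for every
# transaction that has at least one stat=Sent delivery, in one pass over the log.
senders_by_ip() {
    awk '
    # Field 6 is the queue ID with a trailing colon, as in the loops above.
    { qid = $6; sub(/:$/, "", qid) }

    # Receive line: from=<sender>, ..., relay=host [ip]
    / from=/ && / relay=/ {
        if (match($0, /from=<[^>]*>/))
            sender[qid] = substr($0, RSTART + 6, RLENGTH - 7)
        rest = $0; sub(/^.* relay=/, "", rest)
        if (match(rest, /\[[^]]*\]/))
            ip[qid] = substr(rest, RSTART + 1, RLENGTH - 2)
    }

    # Delivery line: remember that this transaction was actually relayed.
    / to=/ && /stat=Sent/ { sent[qid] = 1 }

    END {
        # Skip local submissions (no bracketed IP) and null senders (from=<>).
        for (q in sent)
            if ((q in ip) && sender[q] != "")
                print ip[q], sender[q]
    }' "$@" | sort -u
}

# Constructed sample input (not real log data): two relayed messages from one
# client IP and one message from another client that was only deferred.
sample_log() {
cat <<'EOF'
Jan  5 10:00:01 relay sendmail[101]: q1AAA001: from=<alice@example.com>, size=900, class=0, nrcpts=1, msgid=<1@client.example>, proto=ESMTP, daemon=MTA, relay=client.example [192.0.2.10]
Jan  5 10:00:02 relay sendmail[102]: q1AAA001: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
Jan  5 10:01:01 relay sendmail[103]: q1AAA002: from=<carol@example.net>, size=700, class=0, nrcpts=1, msgid=<2@other.example>, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]
Jan  5 10:01:02 relay sendmail[104]: q1AAA002: to=<dan@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
Jan  5 10:02:01 relay sendmail[105]: q1AAA003: from=<eve@example.com>, size=500, class=0, nrcpts=1, msgid=<3@x.example>, proto=ESMTP, daemon=MTA, relay=x.example [203.0.113.7]
Jan  5 10:02:02 relay sendmail[106]: q1AAA003: to=<frank@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], dsn=4.0.0, stat=Deferred: Connection refused
EOF
}

# Demo on the constructed sample; on a real host: senders_by_ip /var/log/maillog
sample_log | senders_by_ip
```

Because the sender is read from the from=<...> field rather than the last <...> on the line, the msgid value never lands in the output, so no grep -v pass for the relay's own hostname is needed.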