I'm looking into SPF_PASS and whether we could whitelist some
high-volume domains based on SPF_PASS results. Please run this script
(see directions) on your network mass-check results and email the output
to me.
Thanks!
------- start of cut text --------------
#!/bin/sh
# directions:
# "chdir masses" first
# change variables below to exactly match your corpus
# run and send output to me
# get case correct!
envfrom="Return-path:"
# change appropriately
ham=ham-net-xyzzy.log
spam=spam-net-xyzzy.log
egrep '\bSPF_PASS\b' $spam|awk '{print $3}'|xargs ./mboxget|egrep
"^$envfrom"|cut -f2- -d'@'|cut -f1 -d'>'|tr A-Z a-z|sort|uniq -c|sort -nr >
/tmp/spam.$$
egrep '\bSPF_PASS\b' $ham|awk '{print $3}'|xargs ./mboxget|egrep
"^$envfrom"|cut -f2- -d'@'|cut -f1 -d'>'|tr A-Z a-z|sort|uniq -c|sort -nr >
/tmp/ham.$$
./freqdiff -b /tmp/spam.$$ /tmp/ham.$$
rm -f /tmp/spam.$$ /tmp/ham.$$
------- end ----------------------------
--
Daniel Quinlan
http://www.pathname.com/~quinlan/
