Until Wietse implements my recommendation to include PTR/unknown alongside the
blocked IPs in the anvil lines, you can use this q'n'd (quick-and-dirty) script
to harvest the lines and resolve the PTR records:
/usr/local/bin/ghba.sh (get host by address)
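#!/bin/sh
# ghba.sh ("get host by address")
#
# Collects the client addresses from the "Too frequent connections" lines in
# the mail log and looks up a PTR record for each one.
#
# Outputs (same paths as before):
#   /var/tmp/ghba.txt            de-duplicated addresses taken from the log
#   /var/tmp/anvil_ptr.txt       PTR names, in lookup order
#   /var/tmp/anvil_ptr_sort.txt  PTR names, sorted and de-duplicated
#
# Security notes:
#   * The log needs elevated privileges to read, and /var/tmp is
#     world-writable, so results are built in a private mktemp directory and
#     renamed into place. A rename replaces a pre-planted symlink instead of
#     writing through it.
#   * Log fields and PTR names are data controlled by remote parties. Only
#     tokens that look like an IP address are handed to dig, and the PTR
#     names are unverified (no forward-confirming lookup is done here), so do
#     not use them for access decisions as-is.
set -u

LOG=/var/log/maillog
OUT_DIR=/var/tmp

work=$(mktemp -d "$OUT_DIR/ghba.XXXXXX") || exit 1
trap 'rm -rf -- "$work"' EXIT
trap 'exit 1' HUP INT TERM

# Field 12 is the position the original script used for the address;
# NOTE(review): confirm it against the local log format.
grep -i -F -- "Too frequent connections" "$LOG" | awk '{ print $12 }' |
  sort -rfn | uniq -i > "$work/ghba.txt"

: > "$work/anvil_ptr.txt"

skipped=0
while IFS= read -r ip; do
  case $ip in
    '')
      continue
      ;;
    *[!0-9A-Fa-f.:]*)
      # Not an IPv4/IPv6 literal: never pass it to dig, where a leading
      # '-', '+' or '@' would be read as an option or a server name.
      skipped=$((skipped + 1))
      continue
      ;;
  esac
  printf '%s\n' "$ip"
  # Match on fields rather than the literal text "IN PTR" so that tab- and
  # space-separated dig output are both handled, and so that only answer
  # records (which carry a target in field 5) are printed.
  dig -x "$ip" | awk '$3 == "IN" && $4 == "PTR" { print $5 }' \
    >> "$work/anvil_ptr.txt"
done < "$work/ghba.txt"

sort -f < "$work/anvil_ptr.txt" | uniq -i > "$work/anvil_ptr_sort.txt"

# Publish the three result files under their usual names.
for name in ghba.txt anvil_ptr.txt anvil_ptr_sort.txt; do
  mv -f -- "$work/$name" "$OUT_DIR/$name" || exit 1
done

if [ "$skipped" -gt 0 ]; then
  printf 'ghba.sh: skipped %s log token(s) that were not IP addresses\n' \
    "$skipped" >&2
fi
exit 0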
Len