here's a script that resolves anvilled IPs to PTRs: /usr/local/bin/ghba.sh
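# ghba.sh - resolve anvilled client IPs to their PTR records.
#
# Reads  /var/log/maillog for "Too frequent connections" lines; field 12 of
#        each matching line is taken as the client IP.
# Writes /var/tmp/ghba.txt            unique IPs, one per line
#        /var/tmp/anvil_ptr.txt       "IP PTR" pairs in lookup order
#        /var/tmp/anvil_ptr_sort.txt  the same pairs, sorted, duplicates folded
#
# NOTE(review): these are fixed names in a world-writable directory. If the
# script runs as root, a symlink already sitting at one of these paths makes
# the redirections below write through it. A root-owned directory would be
# safer; the paths are kept unchanged here because other tooling may read them.

maillog=/var/log/maillog
ip_list=/var/tmp/ghba.txt
ptr_out=/var/tmp/anvil_ptr.txt
ptr_sorted=/var/tmp/anvil_ptr_sort.txt

# Start each run with an empty result file.
: >"$ptr_out"

# Collect the distinct offending addresses.
grep -i -- "Too frequent connections" "$maillog" |
  awk '{ print $12 }' |
  sort -rfn |
  uniq -i >"$ip_list"

# Read line by line instead of word-splitting `cat` output, so a token from
# the log is never glob-expanded or split by the shell.
while IFS= read -r ip; do
  # Log lines with fewer than 12 fields yield an empty token.
  [ -n "$ip" ] || continue
  printf '%s\n' "$ip"

  ptr=
  case $ip in
    *[!0-9A-Fa-f.:]*)
      # The log is partly written from remote-supplied data. Only hand dig
      # something built purely from address characters, so a stray token can
      # never be read as a dig option or server argument.
      printf 'ghba: not an IP address, lookup skipped: %s\n' "$ip" >&2
      ;;
    *)
      # Match on fields rather than the literal text "IN PTR" so the answer
      # line is found whether dig separates columns with tabs or spaces.
      # stdin is detached so nothing in the lookup can consume the IP list.
      ptr=$(dig -x "$ip" </dev/null |
        awk '$3 == "IN" && $4 == "PTR" { print $5 }')
      ;;
  esac

  # An address with no PTR (or a skipped token) is still recorded, with an
  # empty second column.
  printf '%s %s\n' "$ip" "$ptr" >>"$ptr_out"
done <"$ip_list"

sort -f <"$ptr_out" | uniq -i >"$ptr_sorted"
exit 0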
Len
