This update adds a date stamp, handles PTR queries that return CNAMEs,
and works with both dig8 and dig9.

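#!/bin/sh
#
# Report how often each client address tripped Postfix's
# "Too frequent connections" (anvil) limit, together with the first PTR
# name found for that address.
#
# Reads:   /var/log/maillog
# Writes:  /var/tmp/anvil_ptr_sort.txt (the report)
# Needs:   dig (dig8 or dig9 output layout), postconf, mktemp
#
# Both the address field taken from the mail log and the PTR names
# returned by DNS come from outside this host (the PTR name is chosen by
# whoever runs the reverse zone), so every expansion below is quoted and
# the address is checked before it is handed to dig.

set -u

MAILLOG=/var/log/maillog
REPORT=/var/tmp/anvil_ptr_sort.txt

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ -r "$MAILLOG" ] || die "cannot read $MAILLOG"

# Scratch files live in a private mktemp directory rather than under
# fixed names in world-writable /var/tmp, where another local user could
# pre-create a symlink for this (typically root-run) script to follow.
workdir=$(mktemp -d /var/tmp/anvil_ptr.XXXXXX) || die "mktemp failed"
trap 'rm -rf -- "${workdir:?}"' EXIT
trap 'exit 1' HUP INT TERM

counts=$workdir/counts.txt
rows=$workdir/rows.txt
report_tmp=$workdir/report.txt

# One "<count> <address>" line per distinct value of log field 12.
grep -i "Too frequent connections" "$MAILLOG" \
  | awk '{print $12}' \
  | sort -fn \
  | uniq -ic > "$counts"

: > "$rows"

# Read count and address from the same line. Looking the count up again
# with a regex match on the address would treat the dots as wildcards and
# match longer addresses that merely contain this one.
while read -r cnt ip; do
  # Accept only characters that can occur in an IPv4/IPv6 literal. This
  # rejects empty fields, anything starting with "-" (which dig would
  # take as an option) and any other stray log token.
  case $ip in
    '' | *[!0-9A-Fa-f.:]*)
      printf 'skipping %s log entries: field 12 is not an IP address\n' \
        "$cnt" >&2
      continue
      ;;
  esac

  # Take the first PTR record among lines that start with an owner name,
  # so ";"-prefixed comment/question lines are ignored and a CNAME chain
  # in the answer is skipped until its PTR record. Matching on fields
  # works whether dig separates columns with spaces or tabs.
  # stdin is /dev/null so dig cannot consume the loop's input.
  ptr=$(dig -x "$ip" ptr < /dev/null \
    | awk '!seen && /^[0-9A-Za-z]/ && toupper($3) == "IN" &&
           toupper($4) == "PTR" { print $5; seen = 1 }')

  # Progress output on stdout.
  printf '%s\n' "$ptr"

  printf '%6s\t%-17s%-20s\n' "$cnt" "$ip" "$ptr" >> "$rows"
done < "$counts"

# Build the whole report privately, then move it into place in one step.
# NOTE(review): current Postfix documents the time-unit parameter as
# anvil_rate_time_unit; confirm which name your Postfix version accepts.
{
  echo "================================================="
  echo " $(date)"
  echo " Quantity of anvil blocks per IP"
  echo " $(postconf smtpd_client_connection_rate_limit)"
  echo " $(postconf client_rate_time_unit)"
  echo "================================================="
  sort -f -k2 < "$rows"
} > "$report_tmp"

# workdir is on the same filesystem as the report, so mv renames over the
# destination name instead of writing through whatever it points to.
mv -f -- "$report_tmp" "$REPORT" || die "cannot install $REPORT"

echo " "
echo "IPs + PTR:  $REPORT"

exit 0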

