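#!/usr/bin/perl
# maillog.pl - tally rejected RCPT attempts per client address from maillog.
#
# Usage:
#   sudo grep reject /var/log/maillog > maillog_reject
#   ./maillog.pl maillog_reject
# or:
#   sudo tail -20000 /var/log/maillog | grep reject | ./maillog.pl
#
# Note: `<>` opens each command-line argument with two-argument open
# semantics, so pass only trusted file names (or feed the data on stdin).
# On Perl 5.22+ the `<<>>` operator avoids that.
use strict;
use warnings;

# Upper bound on lines read, so a huge input cannot run unbounded.
my $limit = 100000000;

# Sample of the text being matched:
#   RCPT from newmx2.fast.net[209.92.1.32]
# Only the FIRST [...] after "RCPT from" is taken. A greedy `.+` would
# backtrack to the last bracket pair on the line, and text later in a
# reject line may not be the connecting client's address at all.
my $client_re = qr{ RCPT [ ] from [ ] [^\[\s]* \[ ( [^\]\s]+ ) \] }x;

my $lines_read = 0;    # every input line, matched or not
my $unparsed   = 0;    # lines without a "RCPT from host[addr]" field
my %hits_for;          # client address => number of reject lines

while (my $line = <>) {
    $lines_read++;

    # Count a line only when the match succeeded. After a failed match
    # Perl leaves the capture variables at their previous values, so an
    # unchecked tally would credit the line to the previous address.
    if ($line =~ $client_re) {
        $hits_for{$1}++;
    }
    else {
        $unparsed++;
    }

    last if $lines_read > $limit;
}

if ($lines_read > $limit) {
    print "exited early at $limit lines\n";
}
print "Processed $lines_read bogus maillog lines\n";

# Reported on stderr so the stdout report keeps its shape.
if ($unparsed > 0) {
    print STDERR "Skipped $unparsed lines with no 'RCPT from host[addr]' field\n";
}

# NOTE(review): the check-after-print form of this loop let 17 rows
# through; kept at 17 here - lower it if a top-15 list was the intent.
my $max_rows = 17;
my $shown    = 0;

# Highest count first; ties broken by address so the output is stable.
for my $addr (sort { $hits_for{$b} <=> $hits_for{$a} or $a cmp $b } keys %hits_for) {
    # Sorted descending, so once a count drops below 2 nothing further qualifies.
    last if $hits_for{$addr} < 2;
    print "$addr: $hits_for{$addr}\n";
    last if ++$shown >= $max_rows;
}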