#!/usr/bin/perl
#
# access.spamfrom.where.pl
#	- read /etc/mail/access and see where incoming spam is denied
#
# 28-Jan-07 amo Date-of-Birth
# 10-Mar-08 amo Truncate leading [ and trailing ] in ip# = [w.x.y.z]
#
#
my ( $NAME ) = "access.spamfrom.where.pl";
my ( $ACCESS ) = "/etc/mail/access" ;
#
#
if ( ! -f "$ACCESS" ) {
  printf "#\n";
  printf "# $NAME: ERROR: could not find access=$ACCESS..\n";
  printf "#\n";
}
#
my ( $stat ) = open ( FR, "< $ACCESS" );
if ( $stat > 1 ) {
  printf "#\n";
  printf "# $NAME: ERROR: $stat: could not read access=$ACCESS..\n";
  printf "#\n";
}
#
my ( $id ) = 0;
my ( $line ) = "";
my ( $ip, $reject, $fqdn ) = "";
my ( $y, $z ) = "";
my ( @domain ) = ();
#
while ( <FR> ) {
  $line = $_;
  #
  # process the lines that rejects incoming spam
  #
  if ( ! /^#/ && /REJECT:/ ) {
    #
    #  # w.x.y.z  REJECT: domain.name.com -
    #
    ( $ip, $reject, $fqdn ) = split ( /\s+/, $line );
    ( @domain ) = split ( /\./, $fqdn );
    #
    # printf "..[%d]: $fqdn: $#domain: $line", $id;
    #
    $z = "@domain[$#domain]";
    $y = "@domain[$#domain-1]";
    $x = "@domain[$#domain-2]";
    $w = "@domain[$#domain-3]";
    #
    # Check if it is a proper fqdn or ip#
    #	- if not, use the ip# ( $ip )
    #
    #
    # sort by *.com or w.x.y.z
    $k = $z ;
    #
    # truncate leading [ and trailing ] in ip# = [w.x.y.z]
    #
    if ( ( $w =~ s/^\[/[/ ) && ( $z =~ s/\]$/]/ ) ) {
      $w =~ s/^\[// ;
      $z =~ s/^\]// ;
      $k = "$w.$x.$y.$z";
    }
    #
    $spam_dom{ "$k" } .= " $fqdn";
    $spam_cnt{ "$k" } += 1;
    #
    # printf "..%d..%s..%s..\n\n", $spam_cnt{ "$k" }, $k, $fqdn;
    #
    # if ( mod $id/1000 ) printf "..read %d lines..\n", $id ;
  } #
  $id++;
}
#
# --------------------
# Print based on *.TLD
# --------------------
for $k ( sort keys %spam_dom ) {
  $fqdn = $spam_dom{ "$k" } ;
  #
  $cnt = $spam_cnt{ "$k" };
  $cnt += 1000000;	# pick a big number to sort against
  $spam_sort{ $cnt } = "$k";
  #
# printf "..%5d..%10s..%s..\n", $spam_cnt{ "$k" }, $k, $fqdn;
}
#
# ------------------------------
# Print based on biggest spammer
# ------------------------------
for $cnt ( reverse sort keys %spam_sort ) {
  $k = $spam_sort{ $cnt };
  printf "..%5d..%10s..\n", $cnt, $k;
}
#
#
# End of file