this command: grep "relays.ordb.org" -i /var/log/maillog | cut -d "=" -f 2 | cut -d ">" -f 1 | sort -f | less
will show all of todays ip's blocked by relays.ordb.org. it of course is for the specific syntax of that RBL server's reject text, so adapt it to other RBL servers. Things to look for: mutliple lines with the same ip ? multiple line with the same Class C ? This is easier to see if you insert after sort a "| uniq -i" step. I'm thinking about some scripts to move these ip's' Class C's into a mta_clients_relays_orbs.map file. objective is same as earlier, to reduce the load on your DNS, and RBL query delays by having a local history file of rejects. Here's another syntax for the preceding 10 days (assuming you rotate maillog every 00:00 o'clock) to get a little history, wraps: zgrep "relays.ordb.org" -i /var/log/maillog.[0-9].gz | cut -d "=" -f 2 | cut -d ">" -f 1 | sort -f | less ( don't do .[0-150].gz since the [ - ] syntax for a numeric range only works for unique digits. ) Len __________________________________________________________________ www.menandmice.com/DNS-training : DNS Training BIND8NT.MEIway.com : ISC BIND for NT4 & W2K IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
