#!/usr/local/bin/perl -lan

## Scott Wiersdorf
## Created: Wed Feb 11 14:58:05 MST 2004
## $Id: sm_dict,v 1.1 2005/08/15 18:25:30 scott Exp $

## find dictionary attackers
next unless $F[4] =~ /^sm-mta/ and my($smid)=$F[5]=~/^(\w{14}):/;
if(/User unknown/){$rej{$smid}++;next}
if($rej{$smid}){next unless my($relay)=$_=~/: from=<.+\@.+>, .*, relay=.*\[([\d\.]+)\.\d+\]/;$host{$relay}++}
END{print "$_ => $host{$_}" for sort{$host{$b}<=>$host{$a}}keys %host}