Finding Gmail SMTP entries in Sendmail log files

I wanted to determine how many connections I was receiving per day from Gmail Simple Mail Transfer Protocol (SMTP) servers to my email server running Sendmail on a CentOS Linux system and the IP addresses of the Gmail servers that were sending email to users on my server. So I created a simple Python script to search the maillog file, /var/log/maillog, for any lines containing "relay" and "google.com" on the same line, since the Gmail servers are in Google's domain.

#!/usr/bin/python

# Name: find-Google.py
# Created: 2017-10-01
# Last modified: 2017-10-01
# Version: 0.1
#
# Purpose: search /var/log/maillog for all entries where a Google server
# is the sending SMTP server. Those entries will contain text similar to
# "relay=mail-ua0-f196.google.com [209.85.217.196]"

import os, re, sys

inFile = "/var/log/maillog"

# Check on whether the file exists and is accessible
if not os.path.isfile(inFile):
    print("Error - input file %s is not accessible!" % inFile)
    sys.exit(1)
else:
    f = open(inFile, "r")

# Raw string so the backslashes reach the regex engine unchanged.
# Group 1 captures the relay's host name, group 2 its IP address.
searchStr = r"relay=(.*\.google\.com) \[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]"

for line in f:
    # Test each substring separately: '"relay=" and "google.com" in line'
    # only checks for "google.com" because a non-empty string is always true.
    if "relay=" in line and "google.com" in line:
        searchObj = re.search(searchStr, line)
        if searchObj:
            FQDN = searchObj.group(1)
            IP = searchObj.group(2)
            # %-formatting prints the same text under Python 2 and Python 3
            print("%s %s" % (FQDN, IP))
f.close()

I import the os module so I can use os.path.isfile(inFile) to ensure that the specified log file exists, and the sys module so I can exit the program immediately with sys.exit(1), indicating the program was terminated when it encountered an error. I import the re module so that I can use a regular expression for the search on each line of the input file.

The script prints the fully qualified domain name (FQDN) and the IP address for each entry in the log file that references one of Google's Gmail servers. When I ran the script on today's log file, I saw the following output:

# ./find-Google.py
mail-lf0-f65.google.com 209.85.215.65
mail-io0-f182.google.com 209.85.223.182
mail-it0-f67.google.com 209.85.214.67
mail-lf0-f66.google.com 209.85.215.66
mail-io0-f172.google.com 209.85.223.172
mail-ua0-f195.google.com 209.85.217.195
mail-ua0-f193.google.com 209.85.217.193
mail-it0-f66.google.com 209.85.214.66
mail-ua0-f194.google.com 209.85.217.194
mail-ua0-f193.google.com 209.85.217.193
mail-ua0-f194.google.com 209.85.217.194
mail-io0-f173.google.com 209.85.223.173
mail-ua0-f194.google.com 209.85.217.194
mail-ua0-f193.google.com 209.85.217.193
mail-ua0-f194.google.com 209.85.217.194
mail-ua0-f196.google.com 209.85.217.196
mail-io0-f181.google.com 209.85.223.181
mail-ua0-f196.google.com 209.85.217.196
mail-ua0-f193.google.com 209.85.217.193

There were 19 entries for the day at the time I ran the script:

# ./find-Google.py | wc -l
19
#
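The following is an added example, not part of the original script: it produces the per-day, per-IP connection counts directly and keeps apart any relay whose host name Sendmail tagged "(may be forged)", which it appends when the reverse-DNS name does not resolve back to the connecting IP. The log lines are constructed samples in Sendmail's maillog layout, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in Sendmail's maillog layout (not from a real log).
SAMPLE_LOG = """\
Oct  1 08:02:11 mx sendmail[2101]: v91C2A01002101: from=<a@gmail.com>, size=2048, class=0, nrcpts=1, proto=ESMTPS, daemon=MTA, relay=mail-ua0-f196.google.com [209.85.217.196]
Oct  1 09:40:57 mx sendmail[2188]: v91DeuR2002188: from=<b@gmail.com>, size=5120, class=0, nrcpts=1, proto=ESMTPS, daemon=MTA, relay=mail-ua0-f196.google.com [209.85.217.196]
Oct  1 11:15:03 mx sendmail[2240]: v91FF2Xk002240: from=<c@example.net>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.google.com.example.net [192.0.2.10]
Oct  1 12:30:44 mx sendmail[2301]: v91GUhQ9002301: from=<d@gmail.com>, size=700, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail-xx0-f1.google.com [198.51.100.7] (may be forged)
Oct  2 07:05:19 mx sendmail[3050]: v92B5Jab003050: from=<e@gmail.com>, size=3300, class=0, nrcpts=1, proto=ESMTPS, daemon=MTA, relay=mail-io0-f182.google.com [209.85.223.182]
Oct  2 07:06:00 mx sendmail[3051]: v92B5Jab003050: to=<u@example.org>, delay=00:00:01, mailer=esmtp, relay=gmail-smtp-in.l.google.com. [203.0.113.5], stat=Sent
"""

# Inbound ("from=") lines only. The host name is limited to DNS characters and
# must end in .google.com directly before " [ip]", so a name such as
# mail.google.com.example.net does not count as a Google relay.
RELAY_RE = re.compile(
    r"^(\w{3}\s+\d{1,2}) .*\bfrom=.*\brelay=([A-Za-z0-9.-]+\.google\.com) "
    r"\[(\d{1,3}(?:\.\d{1,3}){3})\](\s+\(may be forged\))?"
)


def summarize(lines):
    """Return (verified, suspect) Counters keyed by (day, ip)."""
    verified, suspect = Counter(), Counter()
    for line in lines:
        m = RELAY_RE.search(line)
        if not m:
            continue
        day = " ".join(m.group(1).split())  # normalise "Oct  1" to "Oct 1"
        bucket = suspect if m.group(4) else verified
        bucket[(day, m.group(3))] += 1
    return verified, suspect


def per_day(counter):
    """Collapse a (day, ip) Counter into total connections per day."""
    totals = Counter()
    for (day, _ip), n in counter.items():
        totals[day] += n
    return dict(totals)


if __name__ == "__main__":
    verified, suspect = summarize(SAMPLE_LOG.splitlines())
    for (day, ip), n in sorted(verified.items()):
        print("%s %s %d" % (day, ip, n))
    for (day, ip), n in sorted(suspect.items()):
        print("%s %s %d (may be forged)" % (day, ip, n))
```

To run it against the real log, pass an open file object for /var/log/maillog to summarize() instead of the sample lines.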