I wanted to determine how many connections I was receiving per day from Gmail Simple Mail Transfer Protocol (SMTP) servers to my email server running Sendmail on a CentOS Linux system and the IP addresses of the Gmail servers that were sending email to users on my server. So I created a simple Python script to search the maillog file, /var/log/maillog, for any lines containing "relay" and "google.com" on the same line, since the Gmail servers are in Google's domain.

    #!/usr/bin/python
    # Name: find-Google.py
    # Created: 2017-10-01
    # Last modified: 2017-10-01
    # Version: 0.1
    #
    # Purpose: search /var/log/maillog for all entries where a Google server
    # is the sending SMTP server. Those entries will contain text similar to
    # "relay=mail-ua0-f196.google.com [209.85.217.196]"

    import os, re, sys

    inFile = "/var/log/maillog"

    # Check on whether the file exists and is accessible
    if not os.path.isfile(inFile):
        print("Error - input file %s is not accessible!" % inFile)
        sys.exit(1)
    else:
        f = open(inFile, "r")

    # Raw string so the regex backslashes reach the re module unchanged
    searchStr = r"relay=(.*\.google\.com) \[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]"

    for line in f:
        # Both substrings must be tested; a bare "relay=" is always true
        if "relay=" in line and "google.com" in line:
            searchObj = re.search(searchStr, line)
            if searchObj:
                FQDN = searchObj.group(1)
                IP = searchObj.group(2)
                print("%s %s" % (FQDN, IP))

    f.close()

I import the os module so I can use os.path.isfile(inFile) to ensure that the specified log file exists and the sys module so I can exit the program immediately with sys.exit(1) indicating the program was terminated when it encountered an error. I import the re module so that I can use a regular expression for the search on each line of the input file.

The script prints the fully qualified domain name (FQDN) and the IP address for each entry in the log file that references one of Google's Gmail servers. When I ran the script on today's log file, I saw the following output:

    # ./find-Google.py
    mail-lf0-f65.google.com 209.85.215.65
    mail-io0-f182.google.com 209.85.223.182
    mail-it0-f67.google.com 209.85.214.67
    mail-lf0-f66.google.com 209.85.215.66
    mail-io0-f172.google.com 209.85.223.172
    mail-ua0-f195.google.com 209.85.217.195
    mail-ua0-f193.google.com 209.85.217.193
    mail-it0-f66.google.com 209.85.214.66
    mail-ua0-f194.google.com 209.85.217.194
    mail-ua0-f193.google.com 209.85.217.193
    mail-ua0-f194.google.com 209.85.217.194
    mail-io0-f173.google.com 209.85.223.173
    mail-ua0-f194.google.com 209.85.217.194
    mail-ua0-f193.google.com 209.85.217.193
    mail-ua0-f194.google.com 209.85.217.194
    mail-ua0-f196.google.com 209.85.217.196
    mail-io0-f181.google.com 209.85.223.181
    mail-ua0-f196.google.com 209.85.217.196
    mail-ua0-f193.google.com 209.85.217.193

There were 19 entries for the day at the time I ran the script:

    # ./find-Google.py | wc -l
    19
    #
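
An added example, not part of the original script: it counts inbound Gmail connections per day and per IP address, skips outbound "to=" entries that also name a google.com relay, and collects relays that sendmail marked "(may be forged)" because the reverse DNS name was not confirmed. The sample log lines and their field layout are constructed assumptions.

```python
import re
from collections import Counter

# Inbound entries carry "from=" and a relay=<host> [<ip>] field. The host is
# limited to hostname characters so the match cannot run across other fields.
INBOUND = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) .*\bfrom=.*"
    r"\brelay=(?P<fqdn>[\w.-]+\.google\.com) "
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r"(?P<forged> \(may be forged\))?"
)

def tally(lines):
    """Return (per-day counts, per-IP counts, possibly forged relays)."""
    per_day, per_ip, forged = Counter(), Counter(), []
    for line in lines:
        m = INBOUND.search(line)
        if not m:
            continue
        per_day[" ".join(m.group("day").split())] += 1  # "Oct  1" -> "Oct 1"
        per_ip[m.group("ip")] += 1
        if m.group("forged"):
            forged.append((m.group("fqdn"), m.group("ip")))
    return per_day, per_ip, forged

# Constructed sample lines; the field layout is an assumption about this log
P = "mx sendmail[2101]: v91DCX01002101: "
SAMPLE = [
    "Oct  1 09:12:33 " + P + "from=<a@gmail.com>, size=2345, nrcpts=1, "
    "daemon=MTA, relay=mail-ua0-f196.google.com [209.85.217.196]",
    "Oct  1 11:40:02 " + P + "from=<b@gmail.com>, size=910, nrcpts=1, "
    "daemon=MTA, relay=mail-ua0-f196.google.com [209.85.217.196]",
    "Oct  2 08:01:15 " + P + "from=<c@gmail.com>, size=500, nrcpts=1, "
    "daemon=MTA, relay=mail-xx0-f1.google.com [203.0.113.9] (may be forged)",
    # Outbound delivery to Gmail: has relay= and google.com but no from=
    "Oct  2 10:00:00 " + P + "to=<d@gmail.com>, mailer=esmtp, "
    "relay=gmail-smtp-in.l.google.com. [192.0.2.25], dsn=2.0.0, stat=Sent",
    "Oct  2 10:05:00 " + P + "from=<e@example.net>, size=77, nrcpts=1, "
    "daemon=MTA, relay=mail.example.net [198.51.100.7]",
]

if __name__ == "__main__":
    per_day, per_ip, forged = tally(SAMPLE)
    for day, n in sorted(per_day.items()):
        print(day, n)
    for ip, n in per_ip.most_common():
        print(ip, n)
    print("possibly forged:", forged)
```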