# Analyze milter log to find abusers

fp = open('/var/log/milter/milter.log','r')
subdict = {}
ipdict = {}
spamcnt = {}
for line in fp:
  a = line.split(None,4)
  if len(a) < 4: continue
  dt,tm,id,op = a[:4]
  if op == 'Subject:':
    if len(a) > 4: subdict[id] = a[4].rstrip()
  elif op == 'connect':
    ipdict[id] = a[4].rstrip()
  elif op in ('eom','dspam'):
    if id in subdict: del subdict[id]
    if id in ipdict: del ipdict[id]
  elif op in ('REJECT:','DSPAM:','SPAM:','abort'):
    if id in subdict:
      if id in ipdict:
        ip = ipdict[id]
	del ipdict[id]
	f,host,raw = ip.split(None,2)
	if host in spamcnt:
	  spamcnt[host] += 1
	else:
	  spamcnt[host] = 1
      else: ip = ''
      print dt,tm,op,a[4].rstrip(),subdict[id]
      del subdict[id]
    else:
      print line.rstrip()
print len(subdict),'leftover entries'

spamlist = filter(lambda x: x[1] > 1,spamcnt.items())
spamlist.sort(lambda x,y: x[1] - y[1])
for ip,cnt in spamlist:
  print cnt,ip