👋 How can we help you?

Running the Comparison Tool

How to run the Comparison Tool.

Running the Tool

To use this mode, run the "Comparison Tool" by passing in the API_KEY for querying Abusix Mail Intelligence (which can be found at app.abusix.com), along with the DNS list you wish to compare against and the file containing the IP addresses to check.

Each lookup will result in the tool outputting a log line in CSV (comma-separated values) format, which can be later analyzed. Therefore, you need to redirect stdout to a CSV file.



$ ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.com ips_to_test > results.csv
Processed 27907 items
Processed 28104 items
Processed 28261 items
Processed 28367 items
Processed 28505 items
                             Blocked     %     Unique     % Blocked WL     %
Abusix Mail Intelligence       21125  74.1      20234  95.8          0   0.0
bb.barracudacentral.org         1139   4.0        248  21.8          0   0.0

As shown above, the tool periodically outputs the number of completed lookups. Once finished, it provides a summary table and exits. The summary table includes the following fields:

The number of IPs found to be listed in the blocklist, along with the percentage.
The number of IPs where the IP was only found to be listed on one list and not the other, along with the percentage.
Blocked WL
The comparison list shows the number of listed IPs that were found to be listed in the Abusix Mail Intelligence Whitelist, along with the percentage.

The "results.csv" file can be loaded into most spreadsheet applications. By using "Auto Filter," you can analyze all of the results to look for false positives and investigate the results of the lookups.

Real-time/Streaming Mode

One drawback of using the comparison tool with log files is that it only provides a simple way to compare Abusix Mail Intelligence with another blocklist. It does not replicate what would happen if you were to add Abusix Mail Intelligence to your SMTP server. To address this, we added real-time/streaming mode.

To use this mode, you must extract the IP addresses hitting your MTAs in real-time. This can be done using UNIX commands such as "tail" and "grep" for a single node or system with a centralized log server. The requirement is that the extraction tool can extract one IP per line.

In real-time/streaming mode, UNIX pipes extract the necessary data, and then the comparison tool is placed at the end of the pipe. Use '-' as the filename to tell the tool to read input from stdin instead of a file.

For example, this is how to extract the necessary data from a Postfix log:

$ tail -f /var/log/mail.log | grep --line-buffered -P '\bconnect from\b' | grep --line-buffered -Po '\d+\.\d+\.\d+\.\d+' | ./ami_compare_linux --apikey API_KEY --list bb.barracudacentral.org - > results.csv
Processed 696 items, errors 0, cache hits 0, queue length 115

                               Count     %     Unique     % Blocked WL     %
Abusix Mail Intelligence         663  95.3        240  36.2          0   0.0
bb.barracudacentral.org          423  60.8          0   0.0          0   0.0
Not Listed                        33     -          -     -          -     -
Tip: If you use the GNU “grep” command, add the “--line-buffered” option to make grep flush its output on each line rather than buffering it. This ensures that the DNS lookups are dispatched immediately and spreads the DNS lookup load more efficiently.

Learn More About the Comparison Tool

Back to the Overview of Abusix Mail Intelligence


Send us a message

Having trouble with your setup or a technical issue? Get in touch with our team of Abusix experts.

Click the chat button at the bottom and send us your questions. Alternatively, you can email us at support@abusix.com


also, follow our LinkedIn Channel for updates & subscribe to our YouTube Channel for the latest Abusix how-to-videos.

Did this answer your question?