Download the tool and make it executable:
$ chmod +x ami_compare.linux
If run without any options, it prints its usage and the available command-line options:
$ ./ami_compare.linux
Usage: ami_compare.linux --apikey <apikey> --list <list> <filename>
Options:
  --version   Show version number                             [boolean]
  --apikey    Abusix Mail Intelligence API key                [required]
  --list      DNS suffix of the DNSBL to compare against      [required]
  --debug     Write debug output to stderr                    [boolean]
  --cache     Cache result data to reduce DNS load            [boolean]
  -h, --help  Show help                                       [boolean]
Copyright 2021, Abusix Inc.
Node v8.17.0 (x64)
Using DNS servers: 184.108.40.206
Not enough non-option arguments: got 0, need at least 1
For logfile mode, the tool requires a file containing a list of IPs to be checked. Extract this list from the log files of your production system(s). The logs should be no more than 2 days old, and ideally as recent as possible, for the best results. The file can be either a simple de-duplicated list of IP addresses or a list containing a count (e.g. occurrences) and IP addresses; the latter is preferred because it provides a more accurate result.
Here is an example of how to extract a list of IPs using standard UNIX tools from a server running Postfix. With minor modifications it will work with most logfile formats.
$ grep -Poh '\d+\.\d+\.\d+\.\d+' /var/log/mail.log | sort | uniq -c | sort -rn > ips_to_test
This creates a file called “ips_to_test” containing “<count> <ip>” entries, where <count> is the number of times that IP address has been seen in the logs, sorted so that the IPs with the largest number of occurrences come first.
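The one-liner above counts every dotted quad in the log, including loopback, internal relays and the outbound destinations of mail you sent. The following added example (not from the original page or from Abusix) narrows the extraction to inbound client connections and drops loopback, link-local and RFC 1918 sources. It assumes the usual Postfix smtpd "connect from host[ip]" log line; the function names and the sample log are constructed for illustration, and it handles IPv4 only, like the command above.

```shell
#!/usr/bin/env bash
# Added example: build the "<count> <ip>" list from inbound Postfix smtpd
# client connections only. Function names are hypothetical.

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 mx1 postfix/smtpd[1201]: connect from unknown[203.0.113.7]
Mar  1 10:00:02 mx1 postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 rejected
Mar  1 10:00:05 mx1 postfix/smtpd[1202]: connect from mail.example.net[198.51.100.23]
Mar  1 10:00:09 mx1 postfix/smtpd[1203]: connect from localhost[127.0.0.1]
Mar  1 10:00:12 mx1 postfix/smtpd[1204]: connect from unknown[203.0.113.7]
Mar  1 10:00:15 mx1 postfix/smtpd[1205]: connect from relay.internal[10.0.0.5]
Mar  1 10:00:18 mx1 postfix/smtpd[1206]: connect from unknown[2001:db8::25]
Mar  1 10:00:20 mx1 postfix/smtp[1300]: 4AB12: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent
EOF
}

# Reads a Postfix log on stdin; writes "<count> <ip>", highest count first.
extract_client_ips() {
  # 1. keep only inbound connection events (one line per SMTP session)
  grep -E 'postfix/smtpd\[[0-9]+\]: connect from ' |
    # 2. pull the bracketed client address out of "host[ip]"
    sed -E 's/.*connect from [^[]*\[([0-9]{1,3}(\.[0-9]{1,3}){3})\].*/\1/' |
    # 3. discard lines where step 2 found no IPv4 address (e.g. IPv6 clients)
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' |
    # 4. drop loopback, RFC 1918 and link-local sources
    grep -Ev '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.)' |
    # 5. count, sort by count descending (IP as tie-breaker), normalise spacing
    sort | uniq -c | sort -k1,1rn -k2,2 | awk '{print $1, $2}'
}

# Demo on the constructed sample. On a real server:
#   extract_client_ips < /var/log/mail.log > ips_to_test
sample_log | extract_client_ips
```

On the sample, the generic grep would also have counted 127.0.0.1, 10.0.0.5 and the outbound relay 192.0.2.10, none of which are inbound senders.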