

How to prepare data and your systems for the tool


Download the tool and make it executable:

$ chmod +x ami_compare.linux

If run without any options, it prints its usage and the available command-line options:

$ ./ami_compare.linux
Usage: ami_compare.linux --apikey <apikey> --list <list> <filename>

  --version   Show version number                                [boolean]
  --apikey    Abusix Mail Intelligence API key                   [required]
  --list      DNS suffix of the DNSBL to compare against         [required]
  --debug     Write debug output to stderr                       [boolean]
  --cache     Cache result data to reduce DNS load               [boolean]
  -h, --help  Show help                                          [boolean]

Copyright 2021, Abusix Inc.
Node v8.17.0 (x64)
Using DNS servers:

Not enough non-option arguments: got 0, need at least 1

Logfile Mode

For logfile mode, the tool requires a file containing a list of IPs to be checked. This list should be extracted from the log files of your production system(s). The logs should be no more than 2 days old and should ideally be as recent as possible for the best results. The file can be either a simple de-duplicated list of IP addresses or a list containing a count (e.g. occurrences) and an IP address on each line; the latter is preferred because it provides a more accurate result.


Data Preparation

Here is an example of how to extract a list of IPs from a server running Postfix using standard UNIX tools. It can be adapted to most logfile formats with minor modifications.

$ grep -Poh '\d+\.\d+\.\d+\.\d+' /var/log/mail.log | sort  | uniq -c | sort -rn > ips_to_test

This creates a file called “ips_to_test” containing “<count> <ip>” lines, where <count> is the number of times that IP address has been seen in the logs, sorted so that the IPs with the largest number of occurrences come first.
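
The one-liner above counts every dotted quad in the log, which includes outbound relay destinations, loopback and private addresses. As an added example (not part of the original article or of Abusix's tooling), the function below narrows extraction to Postfix smtpd "connect from" lines and drops invalid or non-routable addresses. The function names and sample log lines are constructed for illustration, and the log format is assumed to be Postfix's default syslog output.

```shell
#!/bin/sh
# Added example: build a "<count> <ip>" list from inbound Postfix connections.
# Reads log lines on stdin and writes the list on stdout.
extract_client_ips() {
  awk '
    # Inbound client connections only (assumed default Postfix format), e.g.
    #   postfix/smtpd[1234]: connect from mail.example.net[203.0.113.7]
    /postfix\/smtpd\[[0-9]+\]: connect from / {
      if (!match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) next   # IPv4 only
      ip = substr($0, RSTART + 1, RLENGTH - 2)                     # strip [ and ]
      split(ip, o, ".")
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next            # invalid octet
      # Skip ranges a public DNSBL cannot give a useful answer for.
      if (o[1] == 0 || o[1] == 10 || o[1] == 127) next
      if (o[1] == 192 && o[2] == 168) next
      if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
      if (o[1] == 169 && o[2] == 254) next
      count[ip]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges, not real log data.
sample_log() {
  cat <<'EOF'
Mar  1 10:00:01 mx postfix/smtpd[1201]: connect from unknown[203.0.113.7]
Mar  1 10:00:02 mx postfix/smtpd[1201]: disconnect from unknown[203.0.113.7]
Mar  1 10:00:05 mx postfix/smtpd[1202]: connect from mail.example.net[198.51.100.20]
Mar  1 10:00:09 mx postfix/smtp[1300]: A1B2C3: to=<u@example.org>, relay=mx.example.org[192.0.2.25]:25, status=sent
Mar  1 10:01:11 mx postfix/smtpd[1203]: connect from unknown[203.0.113.7]
Mar  1 10:01:30 mx postfix/smtpd[1204]: connect from localhost[127.0.0.1]
Mar  1 10:02:00 mx postfix/smtpd[1205]: connect from backup.internal[10.0.0.5]
EOF
}

# Demo on the constructed sample; the relay, loopback and private lines are dropped.
sample_log | extract_client_ips
# Against a real log: extract_client_ips < /var/log/mail.log > ips_to_test
```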
