Installation

Download the tool and make it executable:

$ chmod +x ami_compare_linux

If run without any options - it will output its usage and available command line options:

$ ./ami_compare.linux
Usage: ami_compare.linux --apikey <apikey> --list <list> <filename>

Options:
  --version   Show version number                                [boolean]
  --apikey    Abusix Mail Intelligence API key                   [required]
  --list          DNS suffix of the DNSBL to compare against     [required]
  --debug    Write debug output to stderr                        [boolean]
  --cache    Cache result data to reduce DNS load                [boolean]
  -h, --help  Show help                                          [boolean]

Copyright 2021, Abusix Inc.
Node v8.17.0 (x64)
Using DNS servers: 1.1.1.1

Not enough non-option arguments: got 0, need at least 1

Logfile Mode

For logfile mode, the tool requires a file containing a list of IPs to be checked. This list should be extracted from the log files of your production system(s). The logs should be no more than 2 days old and should ideally be as recent as possible for the best results. These can either be a simple de-duplicated list of IP addresses, or, a list containing count (e.g. occurrences) and IP addresses, with the latter being preferred as it will provide a more accurate result.

Data Preparation

Here is an example of how to extract a list of IPs using standard UNIX tools from a server running Postfix. This can be modified to work with most logfile formats with some minor modifications.

$ grep -Poh '\d+\.\d+\.\d+\.\d+' /var/log/mail.log | sort  | uniq -c | sort -rn > ips_to_test

This will create a file called “ips_to_test” containing “<count> <ip>” where <count> is the number of times that IP address has been seen in the logs and will be sorted by the IPs with the largest

number of occurrences first.