Installation
Download the tool and make it executable:
$ chmod +x ami_compare.linux
If run without any options, it prints its usage and the available command-line options:
$ ./ami_compare.linux
Usage: ami_compare.linux --apikey <apikey> --list <list> <filename>
Options:
--version Show version number [boolean]
--apikey Abusix Mail Intelligence API key [required]
--list DNS suffix of the DNSBL to compare against [required]
--debug Write debug output to stderr [boolean]
--cache Cache result data to reduce DNS load [boolean]
-h, --help Show help [boolean]
Copyright 2021, Abusix Inc.
Node v8.17.0 (x64)
Using DNS servers: 1.1.1.1
Not enough non-option arguments: got 0, need at least 1
Logfile Mode
For logfile mode, the tool requires a file containing a list of IPs to be checked. This list should be extracted from the log files of your production system(s). The logs should be no more than 2 days old and should ideally be as recent as possible for the best results. The file can be either a simple de-duplicated list of IP addresses or a list containing a count (e.g. occurrences) and IP addresses; the latter is preferred because it provides a more accurate result.
Data Preparation
Here is an example of how to extract a list of IPs from a server running Postfix using standard UNIX tools. It can be adapted to most logfile formats with minor modifications.
$ grep -Poh '\d+\.\d+\.\d+\.\d+' /var/log/mail.log | sort | uniq -c | sort -rn > ips_to_test
This creates a file called “ips_to_test” containing “<count> <ip>” lines, where <count> is the number of times that IP address has been seen in the logs. The file is sorted with the most frequently seen IPs first.
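The grep pattern above counts every dotted quad in the log, including outbound relay destinations and loopback or private addresses. As an added example (not part of the Abusix tool or its documentation), the function below counts only the client address on Postfix smtpd "connect from" lines; the function names, the sample log and the assumed log line shape are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not part of the tool: build "<count> <ip>" from inbound
# Postfix smtpd sessions only. Reads a mail log on stdin.
extract_client_ips() {
    awk '
    # Assumed line shape: ... postfix/smtpd[pid]: connect from name[ip]
    /postfix\/smtpd\[[0-9]+\]: connect from / {
        rest = substr($0, index($0, ": connect from ") + 15)
        if (!match(rest, /\[[0-9.]+\]/)) next          # IPv6 clients are skipped
        ip = substr(rest, RSTART + 1, RLENGTH - 2)
        if (split(ip, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        # Loopback, RFC 1918 and link-local clients are never on a public DNSBL
        if (o[1] == 0 || o[1] == 10 || o[1] == 127) next
        if (o[1] == 192 && o[2] == 168) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        if (o[1] == 169 && o[2] == 254) next
        count[ip]++
    }
    END { for (ip in count) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges), for illustration only.
sample_log() {
    cat <<'EOF'
Jan 10 09:00:01 mx postfix/smtpd[1201]: connect from mail.example.net[203.0.113.7]
Jan 10 09:00:02 mx postfix/smtpd[1201]: disconnect from mail.example.net[203.0.113.7]
Jan 10 09:00:05 mx postfix/smtpd[1207]: connect from unknown[198.51.100.23]
Jan 10 09:00:09 mx postfix/smtpd[1210]: connect from localhost[127.0.0.1]
Jan 10 09:00:12 mx postfix/smtpd[1211]: connect from mail.example.net[203.0.113.7]
Jan 10 09:00:14 mx postfix/smtp[1300]: 4F1A2: to=<b@example.org>, relay=mx.example.org[192.0.2.25]:25, status=sent
Jan 10 09:00:20 mx postfix/smtpd[1212]: connect from gw.internal[192.168.1.10]
EOF
}

# Real use: extract_client_ips < /var/log/mail.log > ips_to_test
sample_log | extract_client_ips
```

The output keeps the “<count> <ip>” layout described above, so it can be written to ips_to_test in place of the grep pipeline's output.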