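#!/usr/bin/perl -w
#
# Daily qmail-smtpd report: counts yesterday's SMTP connections per remote IP,
# works out why each busy IP was (or was not) rejected, and mails a summary
# through qmail-inject.
#
# Inputs read by this script:
#   /root/tools/qmail/ok_smtpd              "ip|label" lines for known-good senders
#   /var/log/qmail/qmail-smtpd/old/<date>   yesterday's smtpd log
#   /etc/tcp.smtp.2                         tcprules source with manual blocks
# External commands: yqf, dnsname, /var/qmail/bin/qmail-inject
#
#BEGIN {open STDERR, ">/root/error.log" or die $!}
use strict;
use warnings;
use Data::Dumper;

# Only IPs with more than this many connections are reported.
my $limit = 20;

# Run an external command without a shell and return everything it printed.
# List-form pipe open hands the arguments straight to exec, so nothing derived
# from log content is ever parsed by /bin/sh. A command that cannot be started
# is reported on STDERR and treated as having printed nothing.
sub _capture {
    my @cmd = @_;
    open my $out, '-|', @cmd or do {
        warn "cannot run $cmd[0]: $!\n";
        return '';
    };
    my $text = do { local $/; <$out> };
    close $out;    # a non-zero exit status is not treated as fatal here
    return defined $text ? $text : '';
}

# Known-good senders, one "ip|label" record per line. Records without a label
# are skipped so that a malformed line cannot shift every following key/value
# pair in the hash.
my $okfile = '/root/tools/qmail/ok_smtpd';
my %ok;
open my $ok_fh, '<', $okfile or die "cannot open $okfile: $!";
while (my $line = <$ok_fh>) {
    chomp $line;
    my ($addr, $label) = split /\|/, $line, 2;
    next unless defined $label && length $label;
    $ok{$addr} = $label;
}
close $ok_fh;

# yqf output matching any of these names is left out of the report.
my $skip = join '|', map { quotemeta } qw(
    vdc-l-return
    wtf_news
);
my $skip_re = qr/$skip/;

my (%tcpserver, %rbl, %tcpsmtp, %brt, %bmf, %bh, %block);

# Yesterday's log file is named YYYY-MM-DD.
my $dir = '/var/log/qmail/qmail-smtpd/old';
my ($day, $mon, $year) = (localtime(time - 86400))[3..5];
my $yesterday = sprintf '%d-%.2d-%.2d' => 1900+$year, $mon+1, $day;

my $logfile = "$dir/$yesterday";
open my $log_fh, '<', $logfile or die "cannot open $logfile: $!";
while (my $line = <$log_fh>) {
    # The [0-9.]+ captures keep the hash keys to digits and dots, which is
    # what later lets them be passed to external commands safely.
    if ($line =~ /tcpserver: .* from ([0-9.]+)/) {
        $tcpserver{$1}++;
    }
    elsif ($line =~ /rblsmtpd: ([0-9.]+)/) {
        $rbl{$1}++;
    }
    elsif ($line =~ /^.+badrcptto:.+at ([0-9.]+)/) {
        $brt{$1}++;
    }
    # NOTE(review): the next two captures take the rest of the line, yet the
    # hashes are looked up by IP further down -- confirm against the log format.
    elsif ($line =~ /^.+badmailfrom (.+)/) {
        $bmf{$1}++;
    }
    elsif ($line =~ /^.+badhelo (.+)/) {
        $bh{$1}++;
    }
}
close $log_fh;

# Manual blocks: tcprules entries of the form <addr>:allow,RBLSMTPD="Connection...
my $tcp = '/etc/tcp.smtp.2';
open my $tcp_fh, '<', $tcp or die "cannot open $tcp: $!";
while (my $line = <$tcp_fh>) {
    # Capture in list context; `my $bad = $1 if ...` leaves $bad in an
    # undefined state on non-matching lines and can carry over a stale value.
    my ($bad) = $line =~ /^(.*):allow,RBLSMTPD=\"Connection/;
    next unless $bad;

    # Blocking a range (64.70.17.132-142:deny)
    if ($bad =~ /(\d+\.\d+\.\d+\.)(\d+)-(\d+)/) {
        my ($prefix, $first, $last) = ($1, $2, $3);
        $tcpsmtp{"$prefix$_"}++ for $first .. $last;
    }
    # Blocking an entire block (61.117.119.:deny)
    elsif ($bad =~ /\.$/) {
        $block{$bad}++;
    }
    # Blocking a simple address (23.243.45.3)
    else {
        $tcpsmtp{$bad}++;
    }
}
close $tcp_fh;

# Start with an empty report so a quiet day does not interpolate undef below.
my $msg = '';

TOP:
for my $ip (sort {$tcpserver{$b} <=> $tcpserver{$a}} keys %tcpserver) {
    my $hits = $tcpserver{$ip};
    next unless $hits > $limit;

    # Literal prefix comparison. Interpolating the range into a regex treats
    # each "." as a wildcard, so a block of "1.2.3." would also claim
    # 112.3.4.5 and hide that address from the rest of the report.
    for my $range (keys %block) {
        if (index($ip, $range) == 0) {
            $msg .= " $ip => $hits Block range\n";
            next TOP;
        }
    }

    if ($rbl{$ip}) {
        next;
    }
    elsif ($tcpsmtp{$ip}) {
        $msg .= "$ip => $hits Denied in tcp.smtp file\n";
    }
    elsif ($bmf{$ip}) {
        $msg .= "$ip => $hits Rejected by badmailfrom\n";
    }
    elsif ($brt{$ip}) {
        $msg .= "$ip => $hits Rejected by badrcptto\n";
    }
    elsif ($bh{$ip}) {
        $msg .= "$ip => $hits Gave us a badhelo\n";
    }
    else {
        my $res = _capture('yqf', $ip);
        next if $res =~ $skip_re;

        if ($ok{$ip}) {
            $msg .= "$ip => $hits => $ok{$ip}\n";
            next;
        }

        # Distinct recipient lists reported for this IP.
        my %rcpts = map {$_,1} $res =~ /QMAILRCPTS=(.*)/g;
        unless (keys %rcpts) {
            $msg .= "$ip => $hits dropped connection\n";
            next;
        }

        # The reverse-DNS name is chosen by whoever controls the PTR record.
        # It is only ever placed in the message body, never in a header.
        my $dns = _capture('dnsname', $ip);
        chomp $dns;

        $msg .= "$ip => $hits";
        if ($dns) {
            $msg .= " => $dns\n";
        }
        else {
            $msg .= "\n";
        }
        $msg .= "\t$_\n" for sort keys %rcpts;
    }
}

# The recipient is reproduced as it appears on the page, where the address
# looks obfuscated; put the real mailbox here before running this.
my $inject = '/var/qmail/bin/qmail-inject';
open my $mail, '|-', $inject or die "cannot start $inject: $!";
print {$mail} qq~To: lou (!) visca-server.com
Subject: SMTP IP's for $yesterday

$msg
~;
# Errors on a pipe only surface at close, so check it.
close $mail
    or die $! ? "error closing pipe to $inject: $!"
              : "$inject exited with status $?";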