Re: [Hampshire] sorbs.net, /var/log/maillog and whatelse ?

Author: Vic
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] sorbs.net, /var/log/maillog and whatelse ?
> A Client has contacted me suggesting their email server is not functioning
> correctly, on closer inspection, their IP address is listed on
> www.sorbs.net


If you're listed in SORBS, there's a strong chance your mailer is either
set up as an open relay, or else properly compromised. In the latter case,
I'd be looking to rebuild - and your mail log might not be reliable. Check
for relaying first...

> First thing they want me to do is create a report to show what email has
> been sent out recently and to what addresses.
>
> I'm currently going cross-eyed looking in /var/log/maillog for a pattern.
>
> Any suggestions ?


grep it to filter out the chaff, use awk or somesuch to find the
destination addresses, then use whois to see where you've been sending.
You might want to do some filtering between the last steps to prevent too
many whois lookups.

Vic.
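
The grep / awk / filter-before-whois steps suggested above, as an added example that is not part of the original message. It assumes Postfix-style delivery lines (to=<addr>, ... status=sent); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: Postfix-style delivery lines ("to=<addr>, ... status=sent").

# Constructed sample log lines, not real traffic.
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 mx1 postfix/smtp[2101]: 4F1A2C0011: to=<alice@example.com>, relay=mx.example.com[192.0.2.10]:25, status=sent (250 OK)
Mar  3 10:01:13 mx1 postfix/smtp[2102]: 4F1A2C0012: to=<bob@example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent (250 OK)
Mar  3 10:01:14 mx1 postfix/smtp[2103]: 4F1A2C0013: to=<carol@example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent (250 OK)
Mar  3 10:01:15 mx1 postfix/smtp[2104]: 4F1A2C0014: to=<Dave@Example.NET>, relay=none, status=deferred (connection timed out)
Mar  3 10:01:16 mx1 postfix/qmgr[900]: 4F1A2C0015: from=<web@client.example>, size=2310, nrcpt=1 (queue active)
Mar  3 10:01:17 mx1 postfix/smtp[2105]: 4F1A2C0016: to=<Erin@Example.net>, relay=mx.example.net[198.51.100.7]:25, status=sent (250 OK)
EOF
}

# grep: keep delivered mail only. awk: pull the recipient out of the to=<...> field.
sent_recipients() {
    grep 'status=sent' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^to=</) {
                addr = $i
                sub(/^to=</, "", addr)
                sub(/>,?$/, "", addr)
                print tolower(addr)
            }
    }'
}

# Messages per recipient domain, busiest first, as "count domain".
domain_counts() {
    sent_recipients "$1" | awk -F@ 'NF == 2 { print $2 }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# The filtering step before whois: each domain listed once.
whois_targets() {
    domain_counts "$1" | awk '{ print $2 }'
}

# With no argument, run against the constructed sample.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    sample_log > "$log"
fi
domain_counts "$log"
```

Run it with the log path as the first argument to report on a real log; the output of whois_targets is the deduplicated list to feed to whois, one lookup per domain.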