[nsp-sec] Question about potentially compromised email credentials

Buchanan, Mark Mark.Buchanan at savvis.net
Fri Sep 18 12:58:04 EDT 2009


Darn mail filters doing what they're supposed to...  Here's the script -
sorry for the extra mails...

--- mx-as.sh start ---

#!/bin/bash

# Std error diagnostics...
if [ "x$*" == "x" ]; then
  echo "Please supply a mx domain name (or more than one)...exiting..."
  exit 1
fi

for SMX in "$@"
do
  # Rip out the valid MX for a given domain
  dig "$SMX" MX | grep "MX" | sort -k5 -n | grep -v "^;" | while read -r MXS
  do
    P=$(echo "$MXS" | awk '{ print $5 }')  # Pull priority
    H=$(echo "$MXS" | awk '{ print $6 }')  # Pull hostname
    IP=$(dig +short "$H")                  # Pull IP for hostname
    for IPN in $IP                         # ensure multiples are handled
    do
      # Reverse the IP for the cymru origin request
      IPNR=$(echo "$IPN" | tr '.' ' ' | awk '{ print $4, $3, $2, $1 }' | tr ' ' '.')
      # Perform request - strip the quotes first so the numeric sort sees the
      # AS number, then grab numerically last AS as it would be the most specific
      CASN=$(dig +short "$IPNR.origin.asn.cymru.com" TXT | sed 's/"//g' | sort -n | tail -1)
      # echo the results out for the user to consume..
      echo "$CASN | $IPN $SMX $H $P"
    done
  done
done

-- mx-as.sh stop --


Mark
