Need some help, please. . .

#1  03-10-04, 18:04  josherz01

I have an interesting problem that I have not been able to solve myself. I need to strip out ip addresses from a mail server log file from authenticated POP3 and IMAP connections and save them to a file. Reason for this is that I just installed assp (anti spam smtp proxy) and I want to plug these ip addresses into the relayhosts file. This way anyone who successfully logs in by POP3 or IMAP will have full relaying privileges.

Now this script should recognize duplicate ip addresses and not add them to the file.

Here is a sample of successful POP3 and IMAP logins:

02:24:21.14 2 POP-24199 ([10.0.0.1]) 'user@domain' connected from [10.0.0.1:60765](temp client)

15:00:06.33 2 IMAP-01201([10.0.0.1]) 'user@domain' connected from [10.0.0.1:32055](temp client)

Any help would be greatly appreciated! Thank You.

#2  03-11-04, 03:22  aigles
Something like this ?
Code:
HOSTS=relayhosts.dat
LOG=mail.log

awk '
NF>1 {
   sub(/.*\[/,"") ;
   sub(/].*/,"") ;
  if ($1 != "") print
} ' $LOG | \
sort -u -o $HOSTS $HOSTS -
If you don't want to keep the port number, replace:
sub(/].*/,"") ;
by
sub(/:.*/,"") ;
__________________
Jean-Pierre.

#3  03-11-04, 16:21  josherz01
Ah thank you so much. . .I'll give it a try

EDIT: Not the exact results I'm looking for, but it's close. Using the : instead of the ] gives me a line that starts with an IP addy but has unfiltered data behind it, example:

170.215.88.150]) 0 {980} retrieved, 44187 bytes

But also it appears to pick up other weird info from the log, which is not what I need, example:

18595] SMTP(hotmail.com)hz220fnco@hotmail.com failed

It would seem to me that at the beginning of the script, we need to somehow filter for data pertaining to 'POP-' and 'IMAP-' first. Otherwise I get lists of ip addy's for rejected messages/etc.

Last edited by josherz01; 03-11-04 at 17:14.

#4  03-11-04, 17:26  S_Scheible
You can grep the POP- and IMAP- lines and pipe them into the awk command suggested by aigles:
# grep -E POP-\|IMAP- | thatawkcommand
You can also pipe the output of that into a cut command that will remove everything after the square bracket, sort it and eliminate duplicates:
# thatgrepcommand | thatawkcommand | cut -f1 -d\] | sort | uniq

Personally, I avoid awk because I know only a few awk commands.
# grep -E POP-\|IMAP- filename.log | cut -f2 -d\[ | cut -f1 -d\] | sort | uniq
should select the lines containing POP- or IMAP-, cut away everything before the opening square bracket, then everything behind the closing one, then sort and eliminate duplicate IPs. Might be slower than awk though.

#5  03-11-04, 17:30  josherz01
Ahh that makes sense. . .I'll give that a try as well.

That actually looks like it might have worked! Thank You!

Last edited by josherz01; 03-11-04 at 17:33.

#6  03-12-04, 02:43  aigles
A new version of my script:
- Selects the POP- and IMAP- lines
- The ip address is always the second [xxx] field
- The port number is removed
- The file $HOSTS, which contains the already known ip addresses, is updated.

Code:
HOSTS=relayhosts.dat
LOG=mail.log

touch "$HOSTS"          # sort needs the hosts file to exist on the first run
awk '
/POP-|IMAP-/ {          # select POP- and IMAP- lines
   sub(/.*\[.*\[/,"") ; # remove chars from start to second [
   sub(/].*/,"") ;      # remove chars from ] to end
   sub(/:.*/,"");       # remove port number
   print                # print ip address
} ' "$LOG" | \
sort -u -o "$HOSTS" "$HOSTS" -
__________________
Jean-Pierre.
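
A stricter take on the extraction discussed in this thread, as an added example that is not code from any of the posters: it requires the POP-/IMAP- tag at the start of the third field and a well-formed `connected from [ip:port]`, so other log lines are skipped rather than turned into relay entries. The function names, the IPv4-only check and every sample line other than the two from post #1 are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the log layout of the two
# sample lines in post #1 and IPv4 clients only.

# Print each distinct client IP from POP-/IMAP- "connected from" lines in $1.
extract_relay_ips() {
    awk '
    # The session tag must open field 3; "POP-" elsewhere in a line (for
    # example inside a mail address) does not count.
    $3 ~ /^(POP|IMAP)-[0-9]+/ &&
    match($0, /connected from \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+\]/) {
        ip = substr($0, RSTART + 16, RLENGTH - 17)   # text between [ and ]
        sub(/:.*/, "", ip)                           # drop the port
        n = split(ip, oct, ".")
        ok = 1
        for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) ok = 0
        if (ok && !seen[ip]++) print ip
    }' "$1"
}

# Merge those IPs into hosts file $2, keeping existing entries, no duplicates.
update_relayhosts() {
    touch "$2" || return 1        # sort needs the file to exist on first run
    extract_relay_ips "$1" | LC_ALL=C sort -u -o "$2" "$2" -
}

# Demo on constructed log lines (not real traffic).
demo() {
    log=$(mktemp) && hosts=$(mktemp) || return 1
    cat > "$log" <<'EOF'
02:24:21.14 2 POP-24199 ([10.0.0.1]) 'user@domain' connected from [10.0.0.1:60765](temp client)
15:00:06.33 2 IMAP-01201([10.0.0.1]) 'user@domain' connected from [10.0.0.1:32055](temp client)
15:03:00.00 2 POP-24200([192.0.2.10]) 0 {980} retrieved, 44187 bytes
15:04:00.00 2 SMTP-18595(example.com) POP-x@example.com failed from [192.0.2.77:25]
EOF
    update_relayhosts "$log" "$hosts" && cat "$hosts"
    rm -f "$log" "$hosts"
}
demo
```

Nothing here expires an address, so the hosts file only grows; entries for temporary clients have to be aged out separately.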