Pipe in some exim main log lines, pass the email address of an abused account, get a report of how much mail they sent, how many recipients it was relayed to and how spammy the mail was.

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import os, sys, time

fromaddr = sys.argv[1]
print fromaddr

received, recipients, rejects, relayed = 0, 0, 0, 0
msgids = []
sa_scores = {}

for line in sys.stdin:
    msgid = line[20:36]
    sa_index = line.find("Spamassassin score is ")
    if (sa_index > -1):
       sa_scores[msgid] = float(line[sa_index + 22:])
    if (line.find("rejected after DATA: Spam messages are not welcome here") > -1 and line.find("F=<%s>" % (fromaddr,)) > -1):
        rejects = rejects + 1
        sa_scores.pop(msgid)
        continue
    if (line.find(" <= ") > -1):
        index = line.find(" from <%s> " % (fromaddr,))
        if (index > -1):
            received = received + 1
            rcpt_i = line.find(" for ", index + len(fromaddr) + 8) + 5
            recipients = recipients + len(line[rcpt_i:].split())
            msgids.append(msgid)
            continue
    if (msgid in msgids):
        if (line.find(" => ") > -1 or line.find(" -> ") > -1):
            relayed = relayed + 1

sys.stdout.write("Rejected %d emails\n" % rejects)
sys.stdout.write("Received %d emails, for %d receipients and relayed to %d recipients\n" % (received, recipients, relayed))

for msgid in sa_scores.keys():
    if (msgid not in msgids):
        sa_scores.pop(msgid)

try:
    sa_scores = sa_scores.values()
    sa_scores.sort()
    sa_total = 0
    for sa_score in sa_scores:
        sa_total = sa_total + sa_score
    sys.stdout.write("SA Scores: min %.1f, med %.1f, max %.1f\n" % (sa_scores[0], (sa_total / len(sa_scores)), sa_scores[-1]))
except:
    pass