Mail log IP address count

The following monster will parse the mail log and report on unique host connections along with a count.

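# Count connections per IP for clients whose hostname Postfix logs as "unknown".
# $8 is the client field (unknown[a.b.c.d]); this assumes the traditional
# syslog timestamp, which takes up the first three fields of each line.
grep ' connect from unknown' /var/log/mail.log | \
  awk '{ print $8 }' | \
  sed -n 's/.*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*/\1/p' | \
  awk '{count[$1]++} END {for (word in count) print count[word], word}' | \
  sort -n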

FS variable in awk

I was reading about environment variables and also found the article Internal Variables, which describes the variables used by bash. In reading that I learned about the awk FS variable, which controls field splitting. See page 146 of sed & awk by Dougherty and Robbins for details, but basically you can set FS to a single character to have lines split into fields on that character, or you can specify a regular expression such as “\t+” (one or more tabs separate fields) or “[,;]” (a single comma or semicolon separates fields).
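The two notes above combine naturally. The following is an added example, not code from the original post: it sets FS to a regular expression so that a single awk process extracts and counts the addresses. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count "connect from unknown[IP]" lines per IP with one awk
# process, using FS (set via -F) instead of the grep | awk | sed chain.

# Constructed sample lines in the traditional syslog/Postfix layout.
sample_log() {
  cat <<'EOF'
Jan  5 10:00:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Jan  5 10:00:02 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Jan  5 10:00:09 mx postfix/smtpd[2102]: connect from mail.example.org[192.0.2.10]
Jan  5 10:01:13 mx postfix/smtpd[2107]: connect from unknown[198.51.100.7]
Jan  5 10:02:44 mx postfix/smtpd[2109]: connect from unknown[203.0.113.5]
EOF
}

# Reads log lines on stdin, prints "count ip" sorted by count (ascending).
count_unknown_hosts() {
  awk -F'[][]' '
    # The leading space keeps "disconnect from unknown[" lines out.
    / connect from unknown\[/ {
      # FS is the bracket expression [][]: every "[" or "]" ends a field, so
      # the field after the one ending in "connect from unknown" is the address.
      for (i = 1; i < NF; i++)
        if ($i ~ / connect from unknown$/) {
          ip = $(i + 1)
          # IPv4 only, like the sed expression in the original pipeline.
          if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
          break
        }
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -n
}

# Demonstration on the constructed sample; for a real log use:
#   count_unknown_hosts < /var/log/mail.log
sample_log | count_unknown_hosts
```

Because the address is located relative to the "connect from unknown" field rather than by a fixed field number, this version does not depend on how many fields the timestamp occupies.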