#!/usr/bin/perl

my $log = "/var/log/maillog";

open(LOG, "< $log") || die "Can't open mail: $!\n";

  while (<LOG>) {
     if (m/stat=(.*)\s/o) {
         if ( $1 !~ m/Sent/ ) {
             $stat = $1;
             if ( m/\:\s(.*)\:\sto/o ) {
                 $msgid = $1;
                 push(@msgids,$msgid);
              } # got msgid
         } # got stat
      } # if
    $stat = undef;
    $msgid = undef;
  } # while

  @msgs = map{ qr/$_/ } @msgs;

  seek(LOG,0,0); # go back to the beginning

  while (<LOG>) {
     chomp;
     foreach $msgid ( sort(@msgids) ) {
        if (m/(.*)($msgid\:\s.*)/) {
            my $match = $2;
            if ( $match =~ m/(ruleset.*)/o ) {
                push(@msgs,$1);
             } # only get the ruleset
         } # if msgid
      } # foreach
   } # log

  foreach $msg ( @msgs ) {
      print "($msg)\n\n";
   } # foreach

close LOG;