admin Site Admin
Joined: 21 Jun 2005 Posts: 209
Posted: Wed Aug 23, 2006 7:36 pm
Just use a little shellscript to extract what you need:
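#!/usr/bin/bash
# Start with an empty result file so repeated runs do not double-count
: > /tmp/spammer-ips.dat
grep NOQUEUE /var/log/mail | awk '{print $10}' | cut -d[ -f2 | while read line
do
    # After cut, $line starts with the IP and ends with "]:" in a standard
    # Postfix line; drop everything from the closing bracket on
    ipaddress=${line%%]*}
    echo "$ipaddress" >> /tmp/spammer-ips.dat
done
# Count rejections per IP, highest count first
sort /tmp/spammer-ips.dat | uniq -c | sort -rn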
That script extracts the ip address and then sorts them to put the IPs
with the most rejected mails first.
I used a similar script to compare the result of several blacklists:
printf "%16s %50s %15s %15s %15s \n" ipaddress reverse_dns dynablock_result sorbs_result spamcop_result
grep "Passed SPAM" /var/log/mail | awk '{print $9}' | while read line
do
    # Strip the first and last character (the brackets around the IP)
    len=${#line}-2
    ipaddress=${line:1:$len}
    # PTR lookup; drop the trailing dot that dig prints
    reverse_dns=`dig +short -x ${ipaddress}`
    reverse_dns=${reverse_dns%.}
    if [ "$reverse_dns" == "" ]; then
        reverse_dns="unknown"
    fi
    # DNSBL queries use the octets in reverse order: 1.2.3.4 -> 4.3.2.1
    reverse_ip=`echo "$ipaddress" | awk -F. '{print $4 "." $3 "." $2 "." $1}'`
    #echo "reverse ip: $reverse_ip"
    dynablock_result=`dig +short ${reverse_ip}.dynablock.njabl.org`
    if [ "$dynablock_result" == "" ]; then
        dynablock_result="--"
    fi
    #echo "$ipaddress $reverse_dns dynablock.njabl.org: $dynablock_result"
    sorbs_result=`dig +short ${reverse_ip}.dul.dnsbl.sorbs.net`
    if [ "$sorbs_result" == "" ]; then
        sorbs_result="--"
    fi
    #echo "$ipaddress: $reverse_dns dul.sorbs.net: $sorbs_result"
    # Any TXT answer from SpamCop means the address is listed
    spamcop_result=`dig +short ${reverse_ip}.bl.spamcop.net -t txt`
    if [ "$spamcop_result" == "" ]; then
        spamcop_result="--"
    else
        spamcop_result="Spamcop_listed"
    fi
    printf "%16s %50s %15s %15s %15s \n" "$ipaddress" "$reverse_dns" "$dynablock_result" "$sorbs_result" "$spamcop_result"
done
Most of the time a bit of creative scripting is all you need. That will
not take a month of back-breaking learning to achieve. Though I agree that
learning Perl will help you a lot in the future.
Sandy
----------------------------------------
Hi Tony!
You could try webmin suite (http://www.webmin.com).
All you need is perl and Net::SSLeay module (if you wish https support).
Then install additionally "mailog viewer" module from here
http://www.netorbit.it
This module offers very useful graphical statistics for mail log of
major SMTP servers, sendmail and postfix.
Kiril
----------------------------------------
Logwatch and pflogsumm do this already, but are sorted by hostnames vs. IP
addresses. I'm working on updating the postfix filter for logwatch to sort
and summarize by IP, which includes sub-totals and totals counts. I've done
this already for the amavis filter for logwatch. Get the latest at:
http://www.logwatch.org
http://jimsun.linxnet.com/postfix_contrib.html
At 3GB, these perl-based programs will consume a significant amount of
memory. A simpler script, like that already posted, might be required.
(How often are you rotating your logs?)
MrC
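Added example, not part of the original posts: a single-pass variant of the per-IP reject count from the first script, which keeps one counter per distinct IP and so stays small even on a multi-gigabyte log, and which locates the client address by pattern instead of by field number. It assumes the standard Postfix syslog layout; the sample lines and the function names `sample_log` and `count_rejects` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: count Postfix NOQUEUE rejections per client IP in one pass.

# Constructed sample lines (not real traffic; documentation address ranges).
sample_log() {
cat <<'EOF'
Aug 23 19:01:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<a@example.com> to=<b@example.org> proto=ESMTP helo=<x>
Aug 23 19:01:05 mx postfix/smtpd[2212]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.7]: 450 4.7.1 Client host rejected; from=<c@example.com> to=<b@example.org> proto=SMTP helo=<y>
Aug 23 19:01:09 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<d@example.com> to=<b@example.org> proto=ESMTP helo=<x>
Aug 23 19:01:11 mx postfix/smtpd[2213]: connect from unknown[203.0.113.5]
Aug 23 19:01:12 mx postfix/cleanup[2300]: 4F1A2: message-id=<NOQUEUE@example.com>
Aug 23 19:01:15 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; from=<e@example.com> to=<b@example.org> proto=ESMTP helo=<[198.51.100.7]>
EOF
}

# Reads a mail log on stdin, prints "count ip" lines, most rejections first.
# Memory grows with the number of distinct IPs, not with the size of the log.
count_rejects() {
    awk '
    / NOQUEUE: reject: / {
        # Use the first "from name[ip]:" after the reject marker, so the PID
        # in smtpd[...] and a bracketed address in helo=<...> are ignored.
        rest = substr($0, index($0, " NOQUEUE: reject: "))
        if (match(rest, / from [^ ]*\[[0-9A-Fa-f.:]+\]:/)) {
            s = substr(rest, RSTART, RLENGTH)
            sub(/^.*\[/, "", s)    # drop "from name["
            sub(/\]:$/, "", s)     # drop the trailing "]:"
            hits[s]++
        }
    }
    END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

sample_log | count_rejects
```

For a real log, run `count_rejects < /var/log/mail`; no temporary file in /tmp is needed.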