[prev in list] [next in list] [prev in thread] [next in thread] 

List:       inet-access
Subject:    Re: Is anyone setting up blacklists based on sendmail logs?
From:       Steve Glines <sglines () is-cs ! com>
Date:       2002-11-15 2:21:38
[Download RAW message or body]

Here is one script that does exactly that:

MAIL=/tmp/maillog
cd /var/log
cat maillog* >$MAIL
grep 'User unknown' $MAIL |awk '{print $6}'|
while read  A
do
grep $A $MAIL|grep 'relay='|sed 's/(may be forged)//'|
awk '{print $NF }'|
sed 's/relay=//;s/\[//;s/\]//;s/^.*@//;s/^[A-z].*$//'
done|
sort |uniq -c|sort|
awk 'NF == 2 && $1 >=4 {print $2}'|
while read X
do
if ! grep -q $X /etc/mail/access
then
echo $X"        550 We do not accept mail from spammers (problems 
ailto:xxxx@yahoo.com)">>/etc/mail/access
echo $X"        550 We do not accept mail from spammers"
fi
done
cd /etc/mail
make
rm $MAIL

Mark R. Cervarich wrote:
> Hi,
> 
> I've recently updated/upgraded my system and have been spending a lot 
> of time watching:
> 	$ tail -f /var/log/maillog		(very exciting stuff!) 
> 
> What i've noticed is spammers trying to send to users that don't 
> exists:

-- 
Steve Glines
voice: 978-952-6340         www.is-cs.com
   fax: 978-952-8524         145 Foster Street
  cell: 617-549-7274         Littleton MA 01460

History teaches that war begins when governments believe
the price of aggression is cheap.
- Ronald Reagan

-
Recent archives of the list can be found at:
http://mix.twistedpair.ca/pipermail/inet-access/
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently.   inet@inet-access.net is the human contact address.
[prev in list] [next in list] [prev in thread] [next in thread]