[prev in list] [next in list] [prev in thread] [next in thread]
List: inet-access
Subject: Re: Is anyone setting up blacklists based on sendmail logs?
From: Steve Glines <sglines () is-cs ! com>
Date: 2002-11-15 2:21:38
[Download RAW message or body]
Here is one script that does exactly that:
MAIL=/tmp/maillog
cd /var/log
cat maillog* >$MAIL
grep 'User unknown' $MAIL |awk '{print $6}'|
while read A
do
grep $A $MAIL|grep 'relay='|sed 's/(may be forged)//'|
awk '{print $NF }'|
sed 's/relay=//;s/\[//;s/\]//;s/^.*@//;s/^[A-z].*$//'
done|
sort |uniq -c|sort|
awk 'NF == 2 && $1 >=4 {print $2}'|
while read X
do
if ! grep -q $X /etc/mail/access
then
echo $X" 550 We do not accept mail from spammers (problems
ailto:xxxx@yahoo.com)">>/etc/mail/access
echo $X" 550 We do not accept mail from spammers"
fi
done
cd /etc/mail
make
rm $MAIL
Mark R. Cervarich wrote:
> Hi,
>
> I've recently updated/upgraded my system and have been spending a lot
> of time watching:
> $ tail -f /var/log/maillog (very exciting stuff!)
>
> What i've noticed is spammers trying to send to users that don't
> exists:
--
Steve Glines
voice: 978-952-6340 www.is-cs.com
fax: 978-952-8524 145 Foster Street
cell: 617-549-7274 Littleton MA 01460
History teaches that war begins when governments believe
the price of aggression is cheap.
- Ronald Reagan
-
Recent archives of the list can be found at:
http://mix.twistedpair.ca/pipermail/inet-access/
Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
Eat sushi frequently. inet@inet-access.net is the human contact address.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic