Ip spam scanner: Difference between revisions
(Created page with 'This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen…') |
No edit summary |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. | {{BC|Community Sandbox}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=IP SPAM Scanner= | |||
{{KB|{{Unsupported}}|{{ZCS 7.0}}|{{ZCS 6.0}}|}} | |||
{{Archive}}{{WIP}}This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. | |||
If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server. | If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server. | ||
Line 6: | Line 11: | ||
<pre> | |||
#!/bin/bash | #!/bin/bash | ||
export LANG=C # Adds execution speed | export LANG=C # Adds execution speed | ||
Line 26: | Line 31: | ||
if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done | if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done | ||
</pre> | |||
{{Article Footer|Zimbra Collaboration 6.0, 5.0|04/16/2014}} | |||
[[Category:Reporting]] | [[Category:Reporting]] |
Latest revision as of 09:51, 12 July 2015
IP SPAM Scanner
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
- This article is a Work in Progress, and may be unfinished or missing sections.
This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.
Run this script from any ware as root
#!/bin/bash export LANG=C # Adds execution speed #****************************************************************************************************** #* Author : Riaan Pretorius riaan@satsoft.co.za #* Date Written : 2011 Mar 21 #* Application Name : Zimbra/Postfix Connect From Filter ZPCFF #* Current Version : 0.02 #* Description : This script will anyalize and extract all the connect from / unkown ip's #* It will then do a host x.x.x.x and see if the ip resolves to a domain, if #* the ip is not resolving it is considered a spam domain and printed to screen #****************************************************************************************************** awk '/ connect from/ {print $8}' /var/log/maillog | grep unknown | awk '{print $1}' | cut -d[ -f2 | cut -d] -f1 \ | while read ip ; do host $ip > /dev/null 2>&1 ;\ if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done