Ip spam scanner: Difference between revisions

No edit summary
No edit summary
 
Line 1: Line 1:
{{Archive}}{{WIP}}{{Unsupported}}This script will scan your current mail log for connect from / unknown ip's and do a host name lookup.
{{BC|Community Sandbox}}
__FORCETOC__
<div class="col-md-12 ibox-content">
=IP SPAM Scanner=
{{KB|{{Unsupported}}|{{ZCS 7.0}}|{{ZCS 6.0}}|}}
{{Archive}}{{WIP}}This script will scan your current mail log for connect from / unknown ip's and do a host name lookup.
If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.
If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.


Line 27: Line 32:


</pre>
</pre>
 
{{Article Footer|Zimbra Collaboration 6.0, 5.0|04/16/2014}}
[[Category:Reporting]]
[[Category:Reporting]]

Latest revision as of 09:51, 12 July 2015

IP SPAM Scanner

   KB 5770        Last updated on 2015-07-12  




0.00
(0 votes)

This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.


Run this script from any ware as root


#!/bin/bash
export LANG=C # Adds execution speed

#******************************************************************************************************
#* Author             : Riaan Pretorius riaan@satsoft.co.za
#* Date Written       : 2011 Mar 21
#* Application Name   : Zimbra/Postfix Connect From Filter ZPCFF
#* Current Version    : 0.02
#* Description        : This script will anyalize and extract all the connect from / unkown ip's
#*                      It will then do a host x.x.x.x and see if the ip resolves to a domain, if
#*                      the ip is not resolving it is considered a spam domain and printed to screen
#******************************************************************************************************



awk '/ connect from/ {print $8}' /var/log/maillog | grep unknown | awk '{print $1}' | cut -d[ -f2 | cut -d] -f1 \
| while read ip ; do host $ip > /dev/null 2>&1  ;\
 if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done

Verified Against: Zimbra Collaboration 6.0, 5.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ip_spam_scanner Date Modified: 2015-07-12



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search