Ip spam scanner: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
{{ | {{BC|Community Sandbox}} | ||
__FORCETOC__ | |||
<div class="col-md-12 ibox-content"> | |||
=IP SPAM Scanner= | |||
{{KB|{{Unsupported}}|{{ZCS 7.0}}|{{ZCS 6.0}}|}} | |||
{{Archive}}{{WIP}}This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. | |||
If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server. | If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server. | ||
Line 27: | Line 32: | ||
</pre> | </pre> | ||
{{Article Footer|Zimbra Collaboration 6.0, 5.0|04/16/2014}} | |||
[[Category:Reporting]] | [[Category:Reporting]] |
Latest revision as of 09:51, 12 July 2015
IP SPAM Scanner
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
- This article is a Work in Progress, and may be unfinished or missing sections.
This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.
Run this script from any ware as root
#!/bin/bash export LANG=C # Adds execution speed #****************************************************************************************************** #* Author : Riaan Pretorius riaan@satsoft.co.za #* Date Written : 2011 Mar 21 #* Application Name : Zimbra/Postfix Connect From Filter ZPCFF #* Current Version : 0.02 #* Description : This script will anyalize and extract all the connect from / unkown ip's #* It will then do a host x.x.x.x and see if the ip resolves to a domain, if #* the ip is not resolving it is considered a spam domain and printed to screen #****************************************************************************************************** awk '/ connect from/ {print $8}' /var/log/maillog | grep unknown | awk '{print $1}' | cut -d[ -f2 | cut -d] -f1 \ | while read ip ; do host $ip > /dev/null 2>&1 ;\ if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done