IP spam scanner
This script scans your current mail log for "connect from unknown" entries and does a host name lookup on each IP. If the IP does not resolve to a valid domain, the script prints it on screen. It is useful if you manually block spammers from connecting to your mail server, using a firewall or other means.
Run this script from anywhere as root.
<code>
#!/bin/bash
export LANG=C # Adds execution speed
#******************************************************************************************************
#* Author           : Riaan Pretorius riaan@satsoft.co.za
#* Date Written     : 2011 Mar 21
#* Application Name : Zimbra/Postfix Connect From Filter ZPCFF
#* Current Version  : 0.02
#* Description      : This script will analyze and extract all the connect from / unknown IPs.
#*                    It will then do a host x.x.x.x and see if the IP resolves to a domain; if
#*                    the IP is not resolving it is considered a spam domain and printed to screen
#******************************************************************************************************
# Field 8 of a syslog-format Postfix line is the client, e.g. unknown[x.x.x.x]
awk '/ connect from/ {print $8}' /var/log/maillog \
  | grep '^unknown\[' \
  | cut -d'[' -f2 | cut -d']' -f1 \
  | sort -u \
  | while read -r ip ; do
      # host exits non-zero when the lookup fails; print those IPs only
      if ! host "$ip" > /dev/null 2>&1 ; then
        echo "$ip"
      fi
    done
</code>
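An added example (not part of the original script) that extends the same idea: it counts connections per unknown client, passes only IPv4 literals to the lookup, and takes the resolver command as a parameter so the logic can be checked offline. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original author's code.
# Constructed sample lines in Postfix smtpd syslog format. The addresses come
# from the documentation ranges and the host name "mx1" is made up.
sample_log() {
cat <<'EOF'
Mar 21 10:00:01 mx1 postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Mar 21 10:00:02 mx1 postfix/smtpd[2102]: connect from mail.example.org[198.51.100.7]
Mar 21 10:00:05 mx1 postfix/smtpd[2103]: connect from unknown[192.0.2.10]
Mar 21 10:00:09 mx1 postfix/smtpd[2104]: connect from unknown[203.0.113.5]
Mar 21 10:00:11 mx1 postfix/smtpd[2105]: connect from unknown[unknown]
EOF
}

# Read a mail log on stdin and print "count ip" for every client logged as
# unknown[ip], busiest first. The client is the last field of the line, so the
# timestamp format does not matter. Anything that is not a dotted-quad IPv4
# literal (for example unknown[unknown]) is dropped before it can reach `host`.
unknown_clients() {
    awk '/ connect from unknown\[/ {
             ip = $NF
             sub(/^unknown\[/, "", ip)
             sub(/\]$/, "", ip)
             if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) seen[ip]++
         }
         END { for (ip in seen) print seen[ip], ip }' | sort -k1,1nr -k2,2
}

# Read "count ip" lines on stdin and keep those the resolver command fails on.
# $1 is the resolver to call (default: host); it is a parameter only so that a
# stub can stand in for DNS during testing.
no_ptr() {
    local resolver="${1:-host}"
    local count ip
    while read -r count ip; do
        "$resolver" "$ip" > /dev/null 2>&1 || echo "$count $ip"
    done
}
```

To run it against the live log: `unknown_clients < /var/log/maillog | no_ptr`. The connection count in the first column helps decide which addresses are worth a firewall rule.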