Ip spam scanner

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

IP SPAM Scanner

   KB 5770        Last updated on 2015-07-12  

(0 votes)

This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.

Run this script from any ware as root

export LANG=C # Adds execution speed

#* Author             : Riaan Pretorius riaan@satsoft.co.za
#* Date Written       : 2011 Mar 21
#* Application Name   : Zimbra/Postfix Connect From Filter ZPCFF
#* Current Version    : 0.02
#* Description        : This script will anyalize and extract all the connect from / unkown ip's
#*                      It will then do a host x.x.x.x and see if the ip resolves to a domain, if
#*                      the ip is not resolving it is considered a spam domain and printed to screen

awk '/ connect from/ {print $8}' /var/log/maillog | grep unknown | awk '{print $1}' | cut -d[ -f2 | cut -d] -f1 \
| while read ip ; do host $ip > /dev/null 2>&1  ;\
 if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done

Verified Against: Zimbra Collaboration 6.0, 5.0 Date Created: 04/16/2014
Article ID: https://wiki.zimbra.com/index.php?title=Ip_spam_scanner Date Modified: 2015-07-12

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search