Ip spam scanner
IP SPAM Scanner
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
- This article is a Work in Progress, and may be unfinished or missing sections.
This script will scan your current mail log for connect from / unknown ip's and do a host name lookup. If the host does not have a valid domain it will print the bad ip on screen. Useful script if you manually block spammers using a firewall or other means from connecting to your mail server.
Run this script from any ware as root
#!/bin/bash export LANG=C # Adds execution speed #****************************************************************************************************** #* Author : Riaan Pretorius riaan@satsoft.co.za #* Date Written : 2011 Mar 21 #* Application Name : Zimbra/Postfix Connect From Filter ZPCFF #* Current Version : 0.02 #* Description : This script will anyalize and extract all the connect from / unkown ip's #* It will then do a host x.x.x.x and see if the ip resolves to a domain, if #* the ip is not resolving it is considered a spam domain and printed to screen #****************************************************************************************************** awk '/ connect from/ {print $8}' /var/log/maillog | grep unknown | awk '{print $1}' | cut -d[ -f2 | cut -d] -f1 \ | while read ip ; do host $ip > /dev/null 2>&1 ;\ if [ $? -ne 0 ] ; then echo "$ip" ; fi ; done