I've had some issues with accounts on my server being abused for spam (I have about 1,500 accounts on the server, and some are quite old). I found myself on 4 blacklists and needed a way to identify the spam traffic. To this end I wrote a script to analyze the logs and report on how many instances of each IP are identified in the log, and the username associated with the IP. An example output:
1893 "104.47.2.36" lajospkfkcze@iranshiko.com
1814 "104.47.0.36" oodybdauo@envirojet.com.au
1455 "104.47.1.36" susannefbmryet@combocomp.com
759 "216.18.201.195" apache@216-18-201-195.static.webnx.com
752 "173.194.175.26" krystynapjrpheg@fotonteam.com
This is a Linux bash script meant to be run in the same directory as the logs, but you can hack it up to do whatever you need.
Hope this helps some other poor email admin!
## begin script
#!/bin/bash
# Fred Clark 2020
# this script counts the number of instances of each IP in the hmail log
# to check for spam abuse

# cleanup: remove output left over from a previous run
rm -f hmail-ip-report.txt hmail-log.txt

echo "please enter the name of the hmail log file"
echo "and press enter"
read -e -r input

# extract the unique IP addresses (tab-separated field 5) from the log file
cut -f5 "$input" | sed '/^$/d' | sort -u > hmail-log.txt

# for each IP: count the log lines containing it and look up the first
# FROM:<address> found on a line with that IP
function buildlist {
    while IFS= read -r list; do
        # -F matches the IP as a fixed string, so its dots are not regex wildcards
        count=$(grep -cF -- "$list" "$input")
        account=$(grep -F -- "$list" "$input" | grep "FROM:" | grep @ | head -n1 | cut -d"<" -f2 | cut -d">" -f1)
        echo "$count $list $account" | tee -a hmail-ip-report.txt
    done
}

INPUT_FILE=hmail-log.txt
buildlist < "$INPUT_FILE"

# sort by count, highest first
sort -n -r hmail-ip-report.txt > hmail-ip-sort.txt
mv hmail-ip-sort.txt hmail-ip-report.txt

echo "IP address report hmail-ip-report.txt created"
echo "press enter to view"
read -r
less hmail-ip-report.txt
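A single-pass variant of the report above, as an added example that is not part of the original post: it reads the log once with awk instead of running grep once per IP, counts only lines whose tab-separated field 5 equals the IP, and goes a little further by also printing how many distinct FROM:<...> senders each IP used. The function names, the sample log lines and their six-field layout are assumptions constructed for illustration; only the field-5 IP and the FROM:<address> form are taken from the script.

```shell
#!/bin/bash
# Added example (not from the original post).
# Assumes tab-separated log lines with the quoted client IP in field 5
# and envelope senders written as FROM:<address>, as the script above does.

hmail_ip_report() {
    # Output: <line count> <ip> <distinct senders> <first sender>, busiest IP first
    awk -F'\t' '
        $5 != "" {
            ip = $5
            count[ip]++
            # Extract the address between "FROM:<" and ">" when present
            if (match($0, /FROM:<[^>]*@[^>]*>/)) {
                addr = substr($0, RSTART + 6, RLENGTH - 7)
                if (!(ip in first)) first[ip] = addr
                if (!((ip, addr) in seen)) { seen[ip, addr] = 1; senders[ip]++ }
            }
        }
        END {
            for (ip in count)
                printf "%d %s %d %s\n", count[ip], ip, senders[ip],
                       ((ip in first) ? first[ip] : "-")
        }
    ' "$1" | sort -k1,1nr -k2,2
}

write_sample_log() {
    # Constructed sample lines using documentation addresses, not real traffic
    printf '"SMTPD"\t101\t1\t"2020-03-01 10:00:00.000"\t"203.0.113.7"\t"RECEIVED: EHLO mail.example.com"\n'
    printf '"SMTPD"\t101\t1\t"2020-03-01 10:00:01.000"\t"203.0.113.7"\t"RECEIVED: MAIL FROM:<a@example.com>"\n'
    printf '"SMTPD"\t102\t2\t"2020-03-01 10:00:02.000"\t"203.0.113.7"\t"RECEIVED: MAIL FROM:<b@example.com>"\n'
    printf '"SMTPD"\t103\t3\t"2020-03-01 10:00:03.000"\t"203.0.113.7"\t"RECEIVED: MAIL FROM:<a@example.com>"\n'
    printf '"SMTPD"\t104\t4\t"2020-03-01 10:00:04.000"\t"198.51.100.9"\t"RECEIVED: MAIL FROM:<c@example.org>"\n'
    printf '"SMTPD"\t104\t4\t"2020-03-01 10:00:05.000"\t"198.51.100.9"\t"RECEIVED: RCPT TO:<x@example.net>"\n'
    # Short line with no field 5: skipped, like the blank lines the script drops
    printf '"APPLICATION"\t101\t"2020-03-01 10:00:06.000"\t"Started"\n'
}

# Demo run on the constructed sample
sample=$(mktemp)
write_sample_log > "$sample"
hmail_ip_report "$sample"
rm -f "$sample"
```

An IP that shows many distinct senders in the third column is a stronger sign of an abused account or relay than a high line count alone.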
Log audit script
Re: Log audit script
Why not do that in the EventHandlers?
You can use hMailServer API to update the database. (Write only interface)
All you need then is to run a SQL query and write the report.
SørenR.
Woke is Marxism advancing through Maoist cultural revolution.
Re: Log audit script
Another way to go, but this also works