
Journal of LTjake (4001)

Tuesday January 06, 2004
09:31 PM

postfix log

[ #16686 ]

After checking out Andy's log file analyzer, I decided to give it a try.

The first few lines of the output for this month (so far...) follow:

7460 unknown: (lots of ip addresses here)
6616 usgate01.e-mail.com: 204.146.55.141 (6616)
3832 usgate02.e-mail.com: 204.146.55.142 (3832)
3649 m12.itconsult.net: 193.201.42.12 (3649)
2667 usgate04.e-mail.com: 204.146.55.144 (2667)
2424 smtp.everyone.net: 216.200.145.17 (2424)
1763 nmho11u.rohmhaas.com: 136.141.2.13 (1763)
542 defout.telus.net: 199.185.220.240 (542)
526 nysmtp.comforce.com: 167.206.141.29 (526)
442 uran.kharkiv.net: 194.44.156.30 (442)
377 sec.uk.pi.se: 194.177.170.10 (377)

Does that seem rather large to any of you??
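
An added example (not Andy's analyzer, and not code from this journal entry) that builds a report in the same shape as the output above. It assumes the counts are tallies of Postfix smtpd `connect from host[ip]` syslog lines; the sample lines, hostnames and addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in Postfix smtpd syslog format (not from the post's server).
my @sample = (
    'Jan  6 21:30:01 mail postfix/smtpd[1201]: connect from unknown[192.0.2.10]',
    'Jan  6 21:30:02 mail postfix/smtpd[1201]: disconnect from unknown[192.0.2.10]',
    'Jan  6 21:30:05 mail postfix/smtpd[1202]: connect from relay1.example.net[198.51.100.7]',
    'Jan  6 21:30:09 mail postfix/smtpd[1203]: connect from unknown[203.0.113.44]',
    'Jan  6 21:30:11 mail postfix/smtpd[1204]: connect from unknown[192.0.2.10]',
    'Jan  6 21:30:15 mail postfix/smtpd[1205]: connect from relay1.example.net[198.51.100.7]',
    'Jan  6 21:30:20 mail postfix/smtpd[1206]: connect from mx.example.org[198.51.100.99]',
);

# Tally "connect from host[ip]" events into host => { ip => count }.
# Clients without reverse DNS are logged by Postfix under the host name "unknown".
sub tally_connects {
    my @lines = @_;
    my %seen;
    for my $line (@lines) {
        next unless $line =~ m{postfix/smtpd\[\d+\]: connect from (\S+?)\[([^\]]+)\]};
        $seen{$1}{$2}++;
    }
    return \%seen;
}

# One row per host, busiest first: "total host: ip (count) ip (count) ..."
sub report {
    my ($seen) = @_;
    my %total;
    for my $host (keys %$seen) {
        $total{$host} += $_ for values %{ $seen->{$host} };
    }
    my @rows;
    for my $host (sort { $total{$b} <=> $total{$a} || $a cmp $b } keys %total) {
        my $ips   = $seen->{$host};
        my @parts = map { "$_ ($ips->{$_})" }
                    sort { $ips->{$b} <=> $ips->{$a} || $a cmp $b } keys %$ips;
        push @rows, "$total{$host} $host: @parts";
    }
    return @rows;
}

# Read log files named on the command line, or fall back to the constructed sample.
my @lines = @ARGV ? <> : @sample;
print "$_\n" for report(tally_connects(@lines));
```

Run it with a log path as its argument to tally a real file. The per-IP breakdown under `unknown` shows whether that total comes from a few persistent sources or from many one-off clients.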

  • wow - must be a virgin system. After about 4 years, attempts to connect are just about soaking up the entire T1. Try running something like this just to tell these bastards to smeg off:

    #!/usr/bin/perl

    use IO::Handle;
    use POSIX;

    # process all bans for the recently passed out (10 minutes ago)

    my $timestamp = strftime "%b %e %H:", localtime(time() - 600); # eg, "Oct  7 02:"

    my $recv;
    my $count = 0;

    open my $spam, '<', '/var/log/maillog' or die $!;

    if(-s $spam > 10000*80) {
        # if longer th

    • Hey!

      Thanks for the tip! I decided to test the rbl stuff by just entering the rbls in the smtpd_client_restrictions section -- my spam has gone down 10-fold.

      If you're curious, you can see some mail stats here [alternation.net]

      Thanks again.

      • That's *almost* it. I should mention a few other things - that's an intelligent choice of RBLs. Those collectively look for open proxies, dial-up/DSL/cable lines at major ISPs, and known spammers. However, sooner or later, you're going to stumble on something blacklisted that you actually want mail from - my machine, slowass.net, has been blacklisted forever on SPEWS because someone once did something bad on the netblock years ago so the netblock is considered "spammer owned". If you're running a mail gatew