Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Journal of LTjake (4001)

Tuesday January 06, 2004
09:31 PM

postfix log

[ #16686 ]

After checking out Andy's log file analyzer, I decided to give it a try.

The first few lines of the ouput for this month (so far...) follows:

7460 unknown: (lots of ip addresses here)
6616 (6616)
3832 (3832)
3649 (3649)
2667 (2667)
2424 (2424)
1763 (1763)
542 (542)
526 (526)
442 (442)
377 (377)

Does that seem rather large to any of you??

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • wow - must be a virgin system. After about 4 years, attempts to connect are just about soaking up the entire T1. Try running something like this just to tell these bastards to smeg off:


    use IO::Handle;
    use POSIX;

    # process all bans for the recently passed out (10 minutes ago)

    my $timestamp = strftime "%b %e %H:", localtime(time() - 600); # eg, "Oct  7 02:"

    my $recv;
    my $count = 0;

    open my $spam, '<', '/var/log/maillog' or die $!;

    if(-s $spam > 10000*80) {
        # if longer th

    • Hey!

      Thanks for the tip! I decieded to test the rbl stuff by just entering the rbls in the smtpd_client_restrictions section -- my spam has gone down 10-fold.

      If you're curious, you can see some mail stats here []

      Thanks again.

      • That's *almost* it. A should mention a few other things - that's an intelligent choice of RBLs. Those collectively look for open proxies, dial-up/DSL/cable lines at major ISPs, and known spammers. However, sooner or later, you're going to stumble on something blacklisted that you actually want mail from - my machine,, has been blacklisted forever on SPEWS because someone once did something bad on the netblock years ago so the netblock is considered "spammer owned". If you're running a mail gatew