On 2016-02-03, [email protected] <[email protected]> wrote:
>  
>
> Hi again, 
>
> We are currently using the command below to find the 30 largest
> authenticated senders on our exim mta's so we can check if it is valid
> email or spam: 
>
> grep -h '^-auth_id' /var/spool/exim4/input/*|sort'|cut -f3 -d"
> "|sort|uniq -c|sort -rn|head -30 
>
> The problem with this is that it only counts emails and not recipients.
> We could have a spammer with 5 emails with 1000 recipients in each and
> we wouldn't notice from the list above 
>
> Is there an easier way to do this maybe with exipick instead of having
> to go through the emails for each sender and count recipients then add
> them all up? 

add a logwrite command to the "RCPT" acl. 
 "acl_smtp_rcpt"

warn
   authenticated = *
   logwrite = RCPT-FROM-AUTH $authenticated_id

now you'll see one line per recipient


-- 
  \_(ツ)_

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to