On 2016-02-03, [email protected] <[email protected]> wrote: > > > Hi again, > > We are currently using the command below to find the 30 largest > authenticated senders on our exim mta's so we can check if it is valid > email or spam: > > grep -h '^-auth_id' /var/spool/exim4/input/*|sort'|cut -f3 -d" > "|sort|uniq -c|sort -rn|head -30 > > The problem with this is that it only counts emails and not recipients. > We could have a spammer with 5 emails with 1000 recipients in each and > we wouldn't notice from the list above > > Is there an easier way to do this maybe with exipick instead of having > to go through the emails for each sender and count recipients then add > them all up?
add a logwrite command to the "RCPT" acl. "acl_smtp_rcpt" warn authenticated = * logwrite = RCPT-FROM-AUTH $authenticated_id now you'll see one line per recipient -- \_(ツ)_ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
