...or grep for that matter. But there's still a couple problems with that:
1. If I want to be notified immediately when an even happens, then the script would need to be complicated enough to "remember" which events it had already informed me of, and would need to be run every few minutes (or run constantly using tail -f but then things get complicated when the logfile rolls over). 2. I am hoping that the alarm message would contain information that the logfile entries don't contain, such as what the would-be spammer entered for the HELO and MAIL FROM. This information will be absolutely essential if I am going to try to press the issue with an ISP. Mike Burden Lynk Systems (616)532-4985 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alex Howansky Sent: Wednesday, August 02, 2000 6:31 PM To: [EMAIL PROTECTED] Subject: RE: SMTP alarm --------------------- Attention ----------------------------- Online GNAT Box User Forum is Now Open Click the Register link and sign up today http://www.gnatbox.com/cgi-bin/Ultimate.cgi ------------------------------------------------------------- Send postings to: [EMAIL PROTECTED] Access the list archives at: http://www.gnatbox.com/gb-users/ ------------------------------------------------------------- > I know that. What I *WANT* to know is who (if anyone) is attempting to > bounce spam off my SMTP proxy, so I can go complain to their ISP, the same > way that I do if someone tries to telnet into my network. A few lines of Perl can pull that information out of your logs. Look for lines like: Aug 2 17:11:38 192.168.254.1 smtp: Rejected (invalid domain "<[EMAIL PROTECTED]>"), [192.168.254.2/1710]->[xxx.xxx.xxx.xxx/25]. -- Alex Howansky Wankwood Associates http://www.wankwood.com/ ---------------------------------------------- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe gb-users your_email_address in the body of the message
