>I was wondering if anyone out there has made a tool to alert an >administrator when your imail server is getting hammered by a certain email >address. I have looked at Declude's Hijack, but this only limits outgoing >mail.
This is pretty easy to do with a script, or two. grepping every line completely of an entire day's maillog can be too heavy, so the trick is 1. to grep the beginning of the line for $ThisHourNow, which goes very fast, 2. then grep for the log SMTPD lines, 3. grep out what you're looking for, 4. count it, 5. if count above threshold, email alert to Responsible Person. run that script every 5 or 10 minutes. Then once an hour or two, grep/count the same pattern for the entire day, to catch "low-rate abuse" spread over the day. Len To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
