I will start checking the logs.  I think you are all right.  Mid yesterday
and today I have not had to restart the services.


Thanks

Kyle

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad
Sent: Tuesday, March 01, 2005 10:28 AM
To: [email protected]
Subject: Re: [IMail Forum] Smtpd32 Memory Leak 8.15


>To get a report of volume of connects per IP, reverse sorted by qty of 
>connects, wraps:
>
>egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf | 
>uniq -ic | unixsort -rnf | less
>
>... to see which individual IPs are attacking.

duh, forgot to show some results:

   4142 xxx   IMGate 1
   3909 xxx   IMGate 2
    120 69.43.143.57
    120 xxx   local server
     97 xxx  local server
     26 12.30.212.142
     15 xxx local server
     14 xxx local server
      9 69.8.166.10
      9 66.193.106.205
      4 63.251.239.251
      3 64.84.20.11
      3 206.71.51.24
      2 69.27.254.14
      2 66.249.28.34
      2 66.17.227.139
      2 64.136.98.192
      2 63.85.86.40
      2 63.209.156.87
      2 61.175.142.200
      2 213.28.196.145
      2 209.89.216.13
      2 208.179.153.141
      1 83.73.255.170
      1 83.69.168.152
      1 83.32.110.32
      1 82.81.1.155
      1 82.67.228.51
      1 82.51.191.202
      1 82.40.30.52
      1 82.143.154.194
      1 81.220.148.121
      1 81.218.62.159




>To get a report of volume of connects per IP, sorted by IP, wraps:
>
>egrep -i "smtpd.*connect" sys0624.txt | gawk "{print $6}" | unixsort -nf | 
>uniq -ic | less
>
>... which facilitates identifying Class C's to block.

note the IPs sorted in ascending order:

       1 68.205.147.233
       1 68.251.46.13
       1 68.40.47.224
       1 68.45.103.69
       1 68.58.132.243
       1 68.61.108.14
       1 68.74.205.39
       1 69.11.214.245
       1 69.110.92.206
       1 69.148.101.185
       2 69.27.254.14
       1 69.42.77.185
       1 69.42.77.209
     120 69.43.143.57
       1 69.56.59.245
       1 69.59.191.41
       1 69.6.66.15
       1 69.6.7.179
       1 69.6.79.110  <
       1 69.6.79.114  <
       1 69.6.79.124  <<<  6 IPs grouped by sorting
       1 69.6.79.131  <
       1 69.6.79.133  <
       1 69.6.79.139  <
       1 69.60.98.163
       1 69.8.178.105
       1 69.8.178.108
       1 69.8.178.120
       1 69.8.178.121
       9 69.8.166.10
       1 80.15.23.144
       1 80.161.19.237
       1 80.179.0.130
       1 81.155.175.152
       1 81.218.132.92
       1 81.218.166.81
       1 81.218.62.159
       1 81.220.148.121

Len

_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
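
The per-IP reports in the thread, taken one step further to per-/24 ("Class C") totals, as an added example that is not part of the original messages. It assumes a POSIX shell with standard grep, awk and sort in place of the egrep/gawk/unixsort ports, keeps the thread's assumption that the client IP is field 6 of each matching line, and uses a constructed sample log whose layout is illustrative rather than real IMail output.

```shell
#!/bin/sh
# Added example: roll SMTP connects up to /24 networks so that a block of
# neighbouring low-volume senders stands out next to single busy hosts.
# Assumption: the client IP is whitespace field 6, as `gawk "{print $6}"`
# in the thread implies.

# Print "connects distinct_ips a.b.c.0/24", busiest network first.
connects_per_24() {
    grep -Ei 'smtpd.*connect' "$1" |
    awk '
        # Skip lines whose field 6 is not a dotted quad.
        $6 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($6, o, ".")
            net = o[1] "." o[2] "." o[3] ".0/24"
            hits[net]++
            # Count each source IP once per network.
            if (!((net, $6) in seen)) { seen[net, $6] = 1; ips[net]++ }
        }
        END { for (n in hits) print hits[n], ips[n], n }
    ' |
    sort -k1,1nr -k2,2nr -k3,3
}

# Constructed sample log using documentation address ranges.
make_sample_log() {
    cat > "$1" <<'EOF'
03:01 10:00:01 SMTPD(00a1) [192.0.2.1] connect 198.51.100.110
03:01 10:00:02 SMTPD(00a2) [192.0.2.1] connect 198.51.100.114
03:01 10:00:03 SMTPD(00a3) [192.0.2.1] connect 198.51.100.124
03:01 10:00:04 SMTPD(00a4) [192.0.2.1] connect 203.0.113.57
03:01 10:00:05 SMTPD(00a5) [192.0.2.1] connect 203.0.113.57
03:01 10:00:06 SMTPD(00a6) [192.0.2.1] connect 203.0.113.57
03:01 10:00:07 SMTPD(00a7) [192.0.2.1] connect 203.0.113.57
03:01 10:00:08 SMTPD(00a8) [192.0.2.1] connect unknown
03:01 10:00:09 POP3D(00b1) [192.0.2.1] connect 198.51.100.110
EOF
}

# Run against a real log when a file name is given on the command line.
if [ $# -gt 0 ]; then
    connects_per_24 "$1"
fi
```

A network with a high distinct-IP count and one connect per IP is the pattern the IP-sorted report makes visible by eye; the second column surfaces it directly.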

