> Here's a command to look at the SMTP connections for today 08: hours:
>
> awk '/^Dec 22 08.* connect from/ {print $8}' /var/log/maillog | sort -f |
> uniq -ic | sort -rf | less
>
> Note: the space before " connect from" is important to exclude the
> companion but useless "disconnect from" for the same SMTPD session.
>
> which gives an output:
>
> 101 unknown[211.21.171.1]
> 86 unknown[63.251.200.47]
> 60 unknown[63.251.200.55]
> 58 unknown[194.162.80.26]
> 58 mail.ee.net[206.222.1.5]
> 52 unknown[217.169.231.82]
> 48 casinotechnologies.com[64.69.65.146]
> 46 unknown[218.234.19.108]
> 42 smtp-server3.tampabay.rr.com[65.32.1.41]
> 41 unknown[67.72.16.252]
> 40 unknown[63.251.200.54]
> 38 unknown[204.77.129.41]
> 34 unknown[66.181.171.114]
> 32 unknown[211.220.42.42]
> 31 smtp-server4.tampabay.rr.com[65.32.1.43]
> 28 unknown[168.215.180.72]
> 26 xoa33.etracks.com[66.236.48.33]
> 26 xoa31.etracks.com[66.236.48.31]
> 26 unknown[202.103.182.62]
>
> Len

Thanks Len, excellent execution and analysis, I can't wait to use it.

So that Spamstats and main cf talks and talks on the list remain consistent, what are you going to name this map file (harvested from the output above)?

mta_clients_processes ???

And BTW: are domain names in mta_clients_black.map case sensitive???

Thanks & Merry Christmas

-A
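
Added example, not part of the original thread: a variant of the quoted one-liner that tests the `connect` and `from` fields exactly instead of relying on the leading space, folds client names to lower case, and sorts numerically. The function names `top_clients` and `write_sample_log` are hypothetical, the log lines are constructed with documentation addresses, and the standard syslog layout (client in field 8) is assumed.

```shell
#!/bin/sh
# Added example: count Postfix smtpd "connect from" lines per client.
# The sample log below is constructed (documentation address ranges).

write_sample_log() {
    cat > "$1" <<'EOF'
Dec 22 08:00:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Dec 22 08:00:02 mx postfix/smtpd[2101]: disconnect from unknown[192.0.2.10]
Dec 22 08:00:05 mx postfix/smtpd[2102]: connect from Mail.Example.NET[198.51.100.7]
Dec 22 08:00:09 mx postfix/smtpd[2103]: connect from unknown[192.0.2.10]
Dec 22 08:01:13 mx postfix/smtpd[2104]: connect from mail.example.net[198.51.100.7]
Dec 22 08:01:14 mx postfix/smtpd[2104]: disconnect from mail.example.net[198.51.100.7]
Dec 22 08:02:20 mx postfix/smtpd[2105]: connect from unknown[192.0.2.10]
Dec 22 09:00:00 mx postfix/smtpd[2106]: connect from unknown[203.0.113.5]
Dec 21 08:00:00 mx postfix/smtpd[2001]: connect from unknown[203.0.113.5]
EOF
}

# top_clients LOGFILE "Mon DD HH" [MIN_COUNT]
# Prints "count client" for each client seen in that hour, busiest first.
top_clients() {
    awk -v stamp="$2" -v min="${3:-1}" '
        # Line must start with the timestamp prefix and be an smtpd line
        # whose 6th and 7th fields are exactly "connect" and "from";
        # "disconnect from" lines fail the exact field comparison.
        index($0, stamp) == 1 && $5 ~ /smtpd\[/ &&
        $6 == "connect" && $7 == "from" {
            n[tolower($8)]++      # fold case so one host counts once
        }
        END { for (c in n) if (n[c] >= min) print n[c], c }
    ' "$1" | sort -k1,1nr -k2,2   # numeric sort on the count, then name
}

# Demo run on the constructed log.
log=$(mktemp)
write_sample_log "$log"
top_clients "$log" "Dec 22 08"
rm -f "$log"
```

The optional third argument drops clients below a connection count, which keeps the list short when harvesting candidates for a map file.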