I have one of my "IMGate admin contract" clients have one of his users
complain that they have been getting 50 spams a day over the last two
weeks, where before the spam was just one or two / day.
So I made a little script to look at deliveries from IMGate and reject by
IMGate to that user. Here's the script, quick and dirty:
#!/bin/sh
for day in `jot 60` ; do
#uncomment first line to see deliveries/day
#uncomment second line to see rejects/day
#zegrep -i "smtp\[.*to=<[EMAIL PROTECTED]" /var/log/maillog.$day.gz | wc -l
#zegrep -i "smtpd\[.*reject.*to=<[EMAIL PROTECTED]" /var/log/maillog.$day.gz
| wc -l
done
exit 0
For the complainant (ugly word), here are the numbers, first for deliveries
from ( today - 1 ) to ( today - 60 )
mx4# /usr/local/bin/deliveries.sh
57
33
23
24
46
56
39
47
23
16
35
65
29
33
20
2
2
7
18
8
11
18
4
2
10
12
21
11
13
9
7
28
23
24
30
22
7
12
27
38
21
20
22
12
5
25
19
15
20
15
5
4
14
14
17
17
12
4
2
15
and then the rejects/day, from yesterday to 60 days ago:
mx4# /usr/local/bin/deliveries.sh
4
2
1
14
7
5
4
5
42
2
3
8
7
7
52
37
82
39
50
28
29
25
17
19
26
22
34
1686
3612
2963
3032
2731
2804
2831
2893 WTF! happened here??? (but no praise from her, of course)
2930
2873
3194
3183
2708
2259
1935
1621
1640
1523
1431
862
495
457
458
368
288
228
131
17
20
26
22
19
19
So I agree that her rejects/day has been essentially single digit for the
last 2 weeks, but she is not totally, accidentally whitelisted (as my
client suspected) because there are still stmpd rejects every day.
Now I'm going to come up with script that shows the [EMAIL PROTECTED]
for each of her deliveries, but this is harder because recipient and sender
are logged on two different lines, and of course perhaps the sender was <>
so the sending ip will then have to be extracted.
Len
