>>they are probably the same.
Below are my stats for today along with the script I'm running. The script
is blocking tons of traffic, but I'm confused since (63.237.136.92)|
(63.237.136.93)| are the OLD IP addresses from before I moved the email servers
last year. I will update with the new IP addresses. Is the current script ?
And also how can it work since
imgate1# egrep "550 unknown user" -i /var/log/maillog | egrep 63.237.136 | wc -l
0

1 SMTP Exceeded Hard Error Limit after DATA
2 RBL opm.blitzed.org
9 RBL relays.ordb.org
12 ACL to_local_recipients unknown recipient
13 ACL [EMAIL PROTECTED]
29 RBL relays.visi.com
42 ACL mta_clients
57 SMTP invalid [EMAIL PROTECTED]
117 DNS no A/MX for @recipient.domain
124 ACL header checks
179 SMTP Exceeded Hard Error Limit after RCPT
304 SMTP invalid [EMAIL PROTECTED]
1010 ACL unauthorized relay
1942 RBL dnsbl.njabl.org
2554 SMTP unauthorized pipelining
3653 RBL bl.spamcop.net
4346 DNS no A/MX for @sender.domain
6234 RBL sbl.spamhaus.org
8504 DNS timeout for MTA PTR hostname (forged @sender.domain)
18017 RBL list.dsbl.org
44415 ACL to_recipients_dead
91564 TOTAL

#!/bin/sh
# This script makes a .map file of non-existing recipients with
# a minimum of 5 bounces (controlled by awk) per day
grep "550 unknown user" -i /var/log/maillog | \
egrep "
(63.237.136.92)|
(63.237.136.93)|
" |\
cut -d "<" -f 2 |\
cut -d ">" -f 1 |\
sort -f |\
uniq -ic | \
awk '{ if ($1 > 4) print $2 " 554 ACL to_recipients_bad"}' \
>> /etc/postfix/to_recipients_bad.map
sort -f < /etc/postfix/to_recipients_bad.map |\
uniq -i > /etc/postfix/to_recipients_bad.map.tmp
cp /etc/postfix/to_recipients_bad.map.tmp /etc/postfix/to_recipients_bad.map
/usr/sbin/postmap /etc/postfix/to_recipients_bad.map
exit 0
Andrew P. Kaplan
www.cshore.com
"I went into the woods because I wished to live deliberately, to front only
the essential facts of life, and see if I could not learn what it had to
teach, and not, when I came to die, discover that I had not lived."
Henry David Thoreau
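
Why the IP filter in the script above can select nothing at all, shown as an added example that is not part of the original message: if the line breaks inside the quoted egrep pattern are as shown, grep receives empty patterns, and an empty pattern matches every line. The log lines are constructed and simplified, the `[addr]` relay format is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed, simplified maillog lines (not from the post). Only line 3 is
# a bounce relayed by one of the two IPs the script is meant to select.
sample_log() {
cat <<'EOF'
postfix/smtp: to=<a@example.com>, relay=mx[192.0.2.10], said: 550 unknown user
postfix/smtp: to=<b@example.com>, relay=mx[192.0.2.11], said: 550 Unknown User
postfix/smtp: to=<c@example.com>, relay=mx[63.237.136.92], said: 550 unknown user
postfix/smtp: to=<d@example.com>, relay=mx[163.237.136.92], said: 550 unknown user
EOF
}

# The filter as laid out in the script (grep -E is the same as egrep).
# The quoted pattern starts and ends with a newline, so grep is handed
# empty patterns, and an empty pattern matches every line: the IP list
# filters nothing, whatever addresses it contains.
count_as_posted() {
    sample_log | grep -i "550 unknown user" | grep -E "
(63.237.136.92)|
(63.237.136.93)|
" | wc -l | tr -d ' '
}

# The same alternatives joined onto one line. No empty pattern any more,
# but the unescaped dots and the lack of anchoring still let
# 163.237.136.92 through.
count_one_line() {
    sample_log | grep -i "550 unknown user" |
        grep -E '(63.237.136.92)|(63.237.136.93)' | wc -l | tr -d ' '
}

# Fixed-string match on the bracketed relay address (assumes the log prints
# the relay as [addr]); one -e per host, no regex metacharacters involved.
count_fixed() {
    sample_log | grep -i "550 unknown user" |
        grep -F -e '[63.237.136.92]' -e '[63.237.136.93]' | wc -l | tr -d ' '
}

echo "as posted: $(count_as_posted)  one line: $(count_one_line)  fixed: $(count_fixed)"
```

With a filter that matches everything, every "550 unknown user" line in the log feeds the reject map, regardless of which host produced it.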