Rob Tanner skrev den 2013-06-14 00:18:
As requested. I suppose I could grab the queue ID and back track to
the sender but when the logs get long (which they do, half a million
or more lines) these scans can take a while and I'm trying to capture
this info in real time (more or less):
big logs
Hi,
I'm trying to come up with mechanisms to catch compromised accounts sending
SPAM. Since spammers don't necessarily have all good addresses a large number
of their SPAM messages bounce with 550 errors (mailbox unavailable or doesn't
even exist). I would like to monitor men logs and catch
Can you cut part of you log file and send to the list?
I am able to detect in a single line when I find NOQUEUE in log.
Regards,
Newton Pasqualini Filho
newtonpasqual...@gmail.com
Em 13/06/2013, às 18:34, Rob Tanner rtan...@linfield.edu escreveu:
Hi,
I'm trying to come up with mechanisms
As requested. I suppose I could grab the queue ID and back track to the sender
but when the logs get long (which they do, half a million or more lines) these
scans can take a while and I'm trying to capture this info in real time (more
or less):
Jun 13 15:10:47 neskowin postfix/qmgr[13765]:
Check if you can do a early logrotate, this will help you with this problem
when running scripts.
You can every hour rotate the log file and then run this script into the old
log.
Newton Pasqualini Filho
newtonpasqual...@gmail.com
Em 13/06/2013, às 19:28, Newton Pasqualini Filho