I need to count how many smtp-auth sends were done by a particular login or IP


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Email » Spam
Top Level » Email » Exim

I need to count how many smtp-auth sends were done by a particular login or IPLast Modified: Nov 8, 2012, 11:07 pm
If you think someone is sending email using smtp-auth through your system, but need a quick way to count up each user/IP total, you can use the following script:

#!/bin/sh

A=/tmp/auths.txt
U=/tmp/users.txt
C=/tmp/counts.txt
I=/tmp/ips.txt

echo -n '' > $A
for m in `ls /var/log/exim/mainlog*`; do
{
       grep 'P=esmtpa A=login:' $m >> $A
};
done;

#show Users
cat $A | cut -d= -f5 | cut -d: -f2 |cut -d\  -f1 | sort -u > $U

echo -n '' > $C
for u in `cat $U`; do
{
       echo "`grep -c $u $A` sent by $u" >> $C;
};
done;

cat $C | sort -n

#now show IPs
cat $A | cut -d= -f3 | cut -d[ -f2 | cut -d] -f1 | sort -u > $I
echo -n '' > $C
for i in `cat $I`; do
{
       echo "`grep -c $i $A` sent by $i" >> $C;
};
done;

cat $C | sort -n

rm -f $A $U $C $I

exit 0;

Save it to a file, chmod to 755, and run it.
Keep in mind that it will process /var/log/exim/mainlog*.
If this is too slow, remove the * character so it's just /var/log/exim/mainlog, if you don't need stats for that far back.
 
Related Helpfiles
How to limit the number of emails sent by each user (prevent spammer)
My server is sending spam. What do I do?

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST