On Thu, 13 Mar 2008 16:53:06 -0700 Will McCullough <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Does anyone know how I can display the IP address of the sender on the
> quarantine template? I suspect that some IPs are consistently spamming
> my server and I'd like to ban them on the firewall. So for that reason
> I'd like to display by IP and also sort by IP for quick viewing. Any
> assistance appreciated.

Why not use

    TrackSources spam

in dspam.conf?

Then

    bzgrep 'spam detected from ' /var/log/maillog | sed 's/.*spam detected from //' | sort | uniq

will give you a nice list of IPs.

Or, if you need more context, you can use the system.log.

I use the following in multitail.conf to make it easier to keep an eye
on what happens with my dspam:

    # dspam log
    colorscheme:dspam:dspam.nuclearelephant.com
    cs_re_s:magenta:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]](S)
    cs_re_s:red:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]](N)
    cs_re_s:blue:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]]([I|W])
    cs_re_s:blue:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]]([M])
    cs_re_s:magenta:(Quarantined)
    cs_re_s:red:.*(Blacklisted).*\((.*)\)
    cs_re_s:yellow:.*(Retrained).*
    cs_re_s:blue:(Delivered|Auto-Whitelisted)
    cs_re_s:green:([EMAIL PROTECTED])
    # dspam
    scheme:dspam:/var/db/dspam/
    #dspam
    convert:dspam:epochtodate:^([0-9]+)

And run multitail like:

    multitail -M 500 -cv dspam \
        -ke '10[[:digit:]][[:digit:]],[[:alnum:]]+[[:blank:]]' \
        -ke '[[:blank:]]0[.][[:alnum:]]+' \
        -ke '<[EMAIL PROTECTED]>$' \
        -cS dspam -f /var/db/dspam/system.log

--
IOnut - Un^d^dregistered ;) FreeBSD "user"
"Intellectual Property" is nowhere near as valuable as "Intellect"
FreeBSD committer -> [EMAIL PROTECTED], PGP Key ID 057E9F8B493A297B
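
Added example, not part of the original message: the log-scraping approach from the reply, extended to count hits per source and keep only well-formed addresses, so repeat senders stand out before anything goes into a firewall rule. The function names `spam_sources` and `sample_log` are hypothetical, the log lines are constructed, and the assumed format is that the IPv4 address directly follows "spam detected from ", as the sed expression in the message implies.

```shell
#!/bin/sh
# Added example: rank the source IPs logged by dspam's "TrackSources spam".
# Assumption: each hit contains "spam detected from <IPv4>", as the sed
# expression in the message implies. The sample log lines are constructed.

# spam_sources [MIN]: read log lines on stdin and print "count ip" for each
# source seen at least MIN times (default 1), most frequent first.
spam_sources() {
    min=${1:-1}
    sed -n 's/.*spam detected from \([0-9][0-9.]*\).*/\1/p' |
    awk -v min="$min" '
        {
            # Accept only well-formed dotted quads, so that log noise
            # never ends up in a firewall rule.
            if (split($0, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            count[$0]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min + 0) print count[ip], ip
        }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar 13 16:40:01 mx dspam[811]: spam detected from 192.0.2.10
Mar 13 16:40:09 mx dspam[812]: spam detected from 198.51.100.7
Mar 13 16:41:30 mx dspam[815]: spam detected from 192.0.2.10
Mar 13 16:42:02 mx postfix/smtpd[820]: connect from unknown[203.0.113.5]
Mar 13 16:42:03 mx dspam[821]: spam detected from 203.0.113.5
Mar 13 16:43:11 mx dspam[824]: spam detected from 999.1.1.1
Mar 13 16:44:47 mx dspam[830]: spam detected from 198.51.100.7
Mar 13 16:45:20 mx dspam[833]: spam detected from 192.0.2.10
EOF
}

# Sources with at least two hits are the candidates worth a firewall review.
sample_log | spam_sources 2
```

On a live system the same function can be fed from the real log, for example `bzgrep 'spam detected from ' /var/log/maillog | spam_sources 5`.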
