Ion-Mihai Tetcu wrote:
On Thu, 13 Mar 2008 16:53:06 -0700
Will McCullough <[EMAIL PROTECTED]> wrote:
Hello,
Does anyone know how I can display IP address of the sender on the
quarantine template? I suspect that some IPs are consistently spamming
my server and I'd like to ban them on the firewall. So for that reason
I'd like to display by IP and also sort by IP for quick viewing. Any
assistance appreciated.
Why not use
TrackSources spam
in dspam.conf ?
Then
bzgrep 'spam detected from ' /var/log/maillog | sed 's/.*spam detected from //' | sort | uniq
will give you a nice list of IPs.
Or, if you need more context, you can use the system.log.
I use the following in multitail.conf to make it easier to keep an eye
on what happens with my dspam:
# dspam log
colorscheme:dspam:dspam.nuclearelephant.com
cs_re_s:magenta:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]](S)
cs_re_s:red:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]](N)
cs_re_s:blue:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]]([I|W])
cs_re_s:blue:[A-Z][a-z]{2}[ ][0-9]{2}[ ][0-9]{2}[:][0-9]{2}[:][0-9]{2}[ ][0-9]+[[:blank:]]([M])
cs_re_s:magenta:(Quarantined)
cs_re_s:red:.*(Blacklisted).*\((.*)\)
cs_re_s:yellow:.*(Retrained).*
cs_re_s:blue:(Delivered|Auto-Whitelisted)
cs_re_s:green:([EMAIL PROTECTED])
# dspam
scheme:dspam:/var/db/dspam/
#dspam
convert:dspam:epochtodate:^([0-9]+)
And run multitail like:
multitail -M 500 -cv dspam \
-ke '10[[:digit:]][[:digit:]],[[:alnum:]]+[[:blank:]]' \
-ke '[[:blank:]]0[.][[:alnum:]]+' \
-ke '<[EMAIL PROTECTED]>$' \
-cS dspam -f /var/db/dspam/system.log
I found this to be an interesting question, and I really liked your answer too. But it
raised more questions about my installation. First of all, what is the difference
between the configure option logfile=*** and system.log? I set my
logfile=somepath/dspam.log on my configure command line. Funny thing is, nothing has
gone into that file yet, nor has the file been created yet. However, I do have a
system.log in my dspam-home directory, in which it does seem a lot of stuff is getting
logged. Which brings me to my second question: I enabled the "TrackSources
spam" in my dspam.conf, but I still don't see any IP addresses going in there, so
that must not be the way it was meant to be.
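
Added example, not part of the original thread or of DSPAM itself: the maillog extraction suggested above, extended to count hits per source and check each address's format before it goes anywhere near a firewall rule. It assumes the address is the text right after "spam detected from ", as the sed expression in the thread implies; the function names and sample log lines are constructed.

```shell
#!/bin/sh
# Usage: spam_sources MIN_HITS < logfile
# Prints "<hits> <ip>" for every source seen at least MIN_HITS times,
# most frequent first.
spam_sources() {
    min_hits=${1:-1}
    sed -n 's/.*spam detected from //p' |
    awk -v min="$min_hits" '
        {
            # First token only; require dotted-quad shape and octets <= 255
            # so stray log text never becomes a firewall entry.
            ip = $1
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] > 255) next
            hits[ip]++
        }
        END {
            for (ip in hits) if (hits[ip] >= min) print hits[ip], ip
        }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (host name, pid and addresses are made up).
sample_log() {
cat <<'EOF'
Mar 13 16:40:02 mail dspam[1234]: spam detected from 192.0.2.10
Mar 13 16:41:10 mail dspam[1240]: spam detected from 198.51.100.7
Mar 13 16:41:55 mail postfix/smtpd[1251]: connect from unknown[192.0.2.10]
Mar 13 16:42:30 mail dspam[1255]: spam detected from 192.0.2.10
Mar 13 16:43:01 mail dspam[1260]: spam detected from 203.0.113.5
Mar 13 16:44:12 mail dspam[1266]: spam detected from 999.1.1.1
Mar 13 16:45:40 mail dspam[1270]: spam detected from 198.51.100.7
Mar 13 16:46:03 mail dspam[1274]: spam detected from 192.0.2.10
EOF
}

# Sources with two or more hits in the sample.
sample_log | spam_sources 2
```

Against a real log, feed it the same way as the one-liner, e.g. bzcat -f /var/log/maillog | spam_sources 5.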