Robert Chalmers (Author) skrev den 2020-07-06 17:58:
From what I”m looking at, both these achieve much the same thingMine: A much longer list… but still unknowns. grep unknown /var/log/postfix.log | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sort -n | uniq > output.txt
this includes clients that have no reverse dns, but not fail to not to use sasl auth, this is your fail, not clients, unless you like to punish clients equal
Pretty good… from Jerry. Very nice and very short list of unknowns. bzgrep -e auth=0/1 "/var/log/postfix.log" | sed 's/.*\[\([^]]*\)\].*/\1/g' | sort -V | uniq > "/tmp/Bad_IP.txt”
this is the proper way of only hit auth abusers, reverse dns fails is not tracked here
intersting
just like Comal :=)
