1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

General command line question and MAPS question.

Discussion in 'Plesk for Linux - 8.x and Older' started by Tormente, Oct 1, 2005.

  1. Tormente

    Tormente Guest

    0
     
    Is there a way, from the command line, to grep the Log Watch Emails (or multiple files) and output a list of top SMTP connections, grouped by network range? (combine the number of connections from individual IPs in the range of "###.###.###.")

    Also, does anyone know of a MAPS server that will block network ranges, or groups of IPs of high abuse spammers? Or any way to automatically do that (iptable)?

    Thanks.
     
  2. carliebentley

    carliebentley Guest

    0
     
    I've been blocking IP ranges using the firewall module.

    Since you're running 8, if you make any changes to the firewall rules and attempt to block connections from IP addresses you'll probably have to apply the changes and then go out and start mail again through the services panel.

    I'm not sure why but every time I add an IP range and then apply the configuration in the firewall module, I have to go start mail services again.
     
  3. jamesyeeoc

    jamesyeeoc Guest

    0
     
    PHP:
    cat /var/log/secure*|grep smtp|awk -F'{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -gnr|more
    You will have to change the path/filename to whatever you want, but it will printout a list such as:
    Code:
    4594    208.177.40
    4549    209.190.8
    4322    209.190.15
    3910    209.190.9
    3873    216.242.123
    2393    208.177.41
    1974    204.13.7
    Then just a little scripting to put it into your firewall of choice...

    Use caution and common sense, you wouldn't want to block a valid hosted user who happens to be email happy... :)
     
Loading...