Saturday, April 26, 2008

Spam counter (again)

This is similar to the previous one, but with cleaner and sorted output. It shows the most active spammer IP and email address.

Output looks like this:

# cat /var/log/maillog|./spam.pl
RELAY: 209.164.135.147 - HITS: 9
RELAY: 209.164.135.149 - HITS: 6
.....
EMAIL: success@soivotru.info - HITS: 20
EMAIL: specials@123greetings.biz - HITS: 2



#!/usr/bin/perl

#Sep 23 09:16:13 mail MailScanner[30884]: Message i8NEG1E5031187 
#from 219.251.60.206 (xzxhyubzzdgwi@msn.com) to ourdomain.com is spam

while() {
        if(/^.*?from\s+(.*?)\s+\((.*?)\)\s+.*?is\s+spam.*/) {
                $orelay{$1}++;
                $email{$2}++;
        }
}

sub srelay {
        $orelay{$b} <=> $orelay{$a};
}

sub semail {
        $email{$b} <=> $email{$a};
}

foreach $line (sort srelay (keys(%orelay))) {
        print "RELAY: $line - HITS: $orelay{$line}\n";
}

foreach $line (sort semail (keys(%email))) {
        print "EMAIL: $line - HITS: $email{$line}\n";
}
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)