I use a command line such as:
>grep "Nov 14" /var/log/maillog | grep "Unrouteable address" |
./rejects.pl
Which, greps out all entries for Nov 14, then greps out the unrouteable
address refusals and then pipes it to the below perl script. Keep in
mind that you may need to modify the parsing depending upon how your log
file lines "look", but the concept is that it strips out the host and ip
address, stuffs them into hashes and keeps track of them. The output
files, once sorted in a spreadsheet program, show me exactly who is
responsible for the most refused mail. It doesn't take much to deduce
that they are most likely spammers, and an educated guess can be made as
to whether I want to ban them in Exim, or ban them at the firewall.
It's amazing how well that works.
#!/usr/bin/perl
%HOSTNAMES;
%IPS;
%HOSTIP;
%BLOCKS;
while(<STDIN>){
my ($line1,$line2)=split(/H=/,$_,2);
my ($line3,$line4)=split(/P=/,$line2,2);
$line3=~s/[()]//g;
my ($line4,$line5)=split(/\[/,$line3,2);
my ($host,$junk)=split(/ /,$line4,2);
my ($ip,$junk)=split(/ /,$line5,2);
$ip=~s/\]//g;
my $hostipstr="$host,$ip";
$IPS{$ip}=$IPS{$ip}+1;
$HOSTNAMES{$host}=$HOSTNAMES{$host}+1;
$HOSTIP{$hostipstr}=$HOSTIP{$hostipstr}+1;
my ($a,$b,$c,$d)=split(/\./,$ip,4);
my $ipblock="$a.$b.$c.0";
$BLOCKS{$ipblock}=$BLOCKS{$ipblock}+1;
}
open(WR,">/etc/exim/mail-reject-rcpt.rejecthostnames.csv");
@hostnames=sort{$HOSTNAMES{$a} cmp $HOSTNAMES{$b} } keys %HOSTNAMES;
foreach my $key (@hostnames){
print WR "$key,$HOSTNAMES{$key}\n";
}
close(WR);
open(WR,">/etc/exim/mail-reject-rcpt.rejectips.csv");
@ips=sort{$IPS{$a} cmp $IPS{$b} } keys %IPS;
foreach my $key (@ips){
print WR "$key,$IPS{$key}\n";
}
close(WR);
open(WR,">/etc/exim/mail-reject-rcpt.rejectip.csv");
@hostip=sort{$$HOSTIP{$a} cmp $HOSTIP{$b} } keys %HOSTIP;
foreach my $key (@hostip){
print WR "$key,$HOSTIP{$key}\n";
}
close(WR);
open(WR,">/etc/exim/mail-reject-rcpt.rejectblocks.csv");
@blocks=sort{$BLOCKS{$a} cmp $BLOCKS{$b} } keys %BLOCKS;
foreach my $key (@blocks){
print WR "$key/24,$BLOCKS{$key}\n";
}
close(WR);
> -----Original Message-----
> From: exim-users-admin@???
> [mailto:exim-users-admin@exim.org] On Behalf Of Brian Kendig
> Sent: Friday, November 15, 2002 12:15 PM
> To: exim-users@???
> Subject: [Exim] 'eximstats'-like reporting for rejected emails?
>
>
> I want to use a program like 'eximstats' to tell me exactly
> how many messages my Exim 4.10 server has rejected, and why
> -- because they were relay attempts, or because local_scan()
> rejected them, or because they were invalid, or whatever.
> Along with the rejected stats, I want to see exactly how many
> messages were accepted by the mail server. (I'm using
> SA-Exim to bounce spam, and I want stats on how effective it's
> being.)
>
> But eximstats doesn't offer this sort of reporting. I
> searched the mailing list archives and found an old (1998)
> discussion of people intending to write a tool that would
> report rejects, but nothing seems to have come of that.
>
> What's the best way to report on rejected messages? Are
> there any tools which will do it?
>
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-> users Exim details
> at http://www.exim.org/ ##
>
>