On Wed, Jul 14, 2010 at 10:28 AM, W B Hacker <wbh@???> wrote:
> Marc Perkel wrote:
>> Is there a variable that returns the number of seconds the connection
>> has been open? I have a theory that virus spam bots send email a lot
>> slower than normal and that I'd like to see if this is so.
> 'When' we still accepted connections frmm them at all (scoring system vs RDNS &
> dynamic-IP RBL's) we found the reverse to generally be so.
> A delay of 13-15 seconds usually saw the greater part of them abandon and move
> on, and extremely rare was the miscreant that would wait 30 seconds.
You're talking about banner delay Bill, whereas Marc was asking about
the total time that a connection has been open. Short of some
grepping and awking, I can't come up with any way to see that...
ps aux | grep '/usr/sbin/exim' | egrep -v -- 'grep|-Mc' | awk '{print $9}'
With a little massaging you could correlate that time since the
process started to the hostname, but it sounds like a giant kludge
that will be prone to error. I could be misreading it though.
--
Regards... Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm. -- Marcus Aurealius
