Re: [exim] Finding largest senders

Author: Jasen Betts
Date:  
To: exim-users
Subject: Re: [exim] Finding largest senders
On 2016-02-03, mtrainer@??? <mtrainer@???> wrote:
>
>
> Hi again,
>
> We are currently using the command below to find the 30 largest
> authenticated senders on our Exim MTAs so we can check if it is valid
> email or spam:
>
> grep -h '^-auth_id' /var/spool/exim4/input/*|sort|cut -f3 -d" "|sort|uniq -c|sort -rn|head -30
>
> The problem with this is that it only counts emails and not recipients.
> We could have a spammer with 5 emails with 1000 recipients in each and
> we wouldn't notice from the list above.
>
> Is there an easier way to do this maybe with exipick instead of having
> to go through the emails for each sender and count recipients then add
> them all up?


Add a logwrite command to the "RCPT" ACL,
"acl_smtp_rcpt":

  warn
    authenticated = *
    logwrite = RCPT-FROM-AUTH $authenticated_id

Now you'll see one line per recipient.


--
\_(ツ)_
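
Added example, not part of the original message: one way to turn the RCPT-FROM-AUTH lines produced by the logwrite statement above into the per-sender "top 30" list the question asks for, counted by recipients. The helper names top_rcpt_senders and sample_log are hypothetical, the log lines are constructed, and the assumed layout is a timestamp (optionally followed by fields such as a pid) and then the logwrite text.

```shell
#!/bin/sh
# Added example: count RCPT-FROM-AUTH log lines per authenticated sender.

# top_rcpt_senders N [LOGFILE...]   (hypothetical helper name)
# Prints "COUNT AUTH_ID" rows, highest count first, at most N rows.
# Reads stdin when no log file is given.
top_rcpt_senders() {
    limit=$1
    shift
    awk '
        {
            # Locate the marker by value, not by column: optional log
            # fields such as a timezone or [pid] shift its position.
            for (i = 1; i < NF; i++) {
                if ($i == "RCPT-FROM-AUTH") { count[$(i + 1)]++; break }
            }
        }
        END { for (id in count) print count[id], id }
    ' "$@" | sort -k1,1nr -k2,2 | head -n "$limit"
}

# Constructed sample log lines (not from a real server). The line layout,
# timestamp then logwrite text, is an assumption about the main log.
sample_log() {
    cat <<'EOF'
2016-02-03 10:15:01 RCPT-FROM-AUTH alice
2016-02-03 10:15:01 RCPT-FROM-AUTH alice
2016-02-03 10:15:02 [4312] RCPT-FROM-AUTH bob
2016-02-03 10:15:03 1aQxyz-0001Ab-2C <= alice@example.test A=plain:alice S=1024
2016-02-03 10:15:04 RCPT-FROM-AUTH mallory
2016-02-03 10:15:04 RCPT-FROM-AUTH mallory
2016-02-03 10:15:04 RCPT-FROM-AUTH mallory
2016-02-03 10:15:04 RCPT-FROM-AUTH mallory
2016-02-03 10:15:04 RCPT-FROM-AUTH mallory
EOF
}

# Same "top 30" report as the original pipeline, now weighted by recipients.
sample_log | top_rcpt_senders 30
```

The counts cover only RCPT commands that reach the warn statement, so its position in the ACL decides whether recipients rejected earlier are included.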