Re: [exim] Finding largest senders

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Jasen Betts
Fecha:  
A: exim-users
Asunto: Re: [exim] Finding largest senders
On 2016-02-03, mtrainer@??? <mtrainer@???> wrote:
>
>
> Hi again,
>
> We are currently using the command below to find the 30 largest
> authenticated senders on our exim mta's so we can check if it is valid
> email or spam:
>
> grep -h '^-auth_id' /var/spool/exim4/input/*|sort'|cut -f3 -d"
> "|sort|uniq -c|sort -rn|head -30
>
> The problem with this is that it only counts emails and not recipients.
> We could have a spammer with 5 emails with 1000 recipients in each and
> we wouldn't notice from the list above
>
> Is there an easier way to do this maybe with exipick instead of having
> to go through the emails for each sender and count recipients then add
> them all up?


add a logwrite command to the "RCPT" acl.
"acl_smtp_rcpt"

warn
authenticated = *
logwrite = RCPT-FROM-AUTH $authenticated_id

now you'll see one line per recipient


--
\_(ツ)_