On 2016-02-03, mtrainer@??? <mtrainer@???> wrote:
>
> Hi again,
>
> We are currently using the command below to find the 30 largest
> authenticated senders on our Exim MTAs so we can check if it is valid
> email or spam:
>
> grep -h '^-auth_id' /var/spool/exim4/input/*|sort|cut -f3 -d" "|sort|uniq -c|sort -rn|head -30
>
> The problem with this is that it only counts emails and not recipients.
> We could have a spammer with 5 emails with 1000 recipients in each and
> we wouldn't notice from the list above.
>
> Is there an easier way to do this maybe with exipick instead of having
> to go through the emails for each sender and count recipients then add
> them all up?

Add a logwrite command to the "RCPT" ACL,
"acl_smtp_rcpt".
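
One way to apply the suggestion above, as an added example that is not part of the original reply: log one tagged line per RCPT from an authenticated session, then tally recipients per authenticated id from the main log. The "rcpt_auth" tag, the ACL stanza in the comment and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Assumed stanza for the ACL named by acl_smtp_rcpt (tag "rcpt_auth" is made up here).
# Placed at the top of the ACL it counts every attempted recipient, accepted or not:
#
#   warn authenticated = *
#        logwrite = :main: rcpt_auth id=$authenticated_id rcpt=$local_part@$domain

# Read an Exim main log on stdin and print "<recipient count> <auth id>",
# largest first. $1 = number of senders to show (default 30).
top_rcpt_senders() {
    awk '
        # Only the lines written by the logwrite above; ordinary "<=" lines
        # also carry an id= field (the Message-ID) and must not be counted.
        / rcpt_auth id=/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^id=/) { count[substr($i, 4)]++; break }
        }
        END { for (id in count) print count[id], id }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-30}"
}

# Constructed sample log lines (not real data): mallory sends one message
# to five recipients, alice one message to two, bob one message to one.
sample_log() {
    cat <<'EOF'
2016-02-03 10:00:01 rcpt_auth id=alice rcpt=bob@example.net
2016-02-03 10:00:01 rcpt_auth id=alice rcpt=carol@example.net
2016-02-03 10:00:02 1aQxyz-0001Ab-2C <= alice@example.org A=plain:alice S=1024 id=abc@example.org
2016-02-03 10:05:00 rcpt_auth id=mallory rcpt=v1@example.com
2016-02-03 10:05:00 rcpt_auth id=mallory rcpt=v2@example.com
2016-02-03 10:05:00 rcpt_auth id=mallory rcpt=v3@example.com
2016-02-03 10:05:01 rcpt_auth id=mallory rcpt=v4@example.com
2016-02-03 10:05:01 rcpt_auth id=mallory rcpt=v5@example.com
2016-02-03 10:06:00 rcpt_auth id=bob rcpt=alice@example.org
EOF
}

# Usage on a live host (log path is the Debian default, adjust as needed):
#   top_rcpt_senders 30 < /var/log/exim4/mainlog
```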