Re: Unknown User message in sendmail maillog.
On Thu, Jan 30, 2003 at 05:35:27PM -0600, Aaron Cronkright wrote:
> My problem is that I can't seem to find the log entry that gives me
> the ip addr and/or hostname of the computer doing this. Anyone have a
> finger to point me in the proper direction so I can block this bozo at
> the firewall?
Try the following (admittedly inefficient) script against
/var/log/maillog*:
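#!/usr/bin/perl
use strict;
use warnings;

# Read every log line into memory so each queue ID can be looked up again.
my @foo = <>;

for my $bar (@foo) {
    # A "User unknown" line: capture the queue ID and the rejected recipient.
    if ($bar =~ /sendmail\[\d+\]:\s+(\w+):\s+.*\<([^\>]+)\>.*User unknown$/) {
        my $id = $1;
        my $to = $2;
        # Rescan the whole log for the from= line with the same queue ID,
        # which carries the sender and the relay's IP address.
        for my $baz (grep { /:\s+$id:/ } @foo) {
            if ($baz =~
                /:\s+$id:\s+from=\<([^\>]+)\>.*relay=[^\[]*\[([\d\.]+)\]$/) {
                print "from=<$1> to=<$to> relay=<$2>\n";
                last;
            }
        }
    }
}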
Hmm... Looks like I'll need to make an optimization pass before I can
effectively use that myself. It's taking a *really* long time to run
on the mail server here. :-)
Steve
--
steve@silug.org | Southern Illinois Linux Users Group
(618)398-7360 | See web site for meeting details.
Steven Pritchard | http://www.silug.org/
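
The same queue-ID correlation done in a single pass, as an added example that is not part of the original post. The Python function names and the sample log lines are constructed for illustration. It also handles "User unknown" lines that are logged before the matching from= line, and tallies hits per relay IP.

```python
import re
from collections import Counter

# Patterns follow the Perl script in the post, with the queue ID captured.
UNKNOWN = re.compile(r"sendmail\[\d+\]:\s+(\w+):\s+.*<([^>]+)>.*User unknown$")
FROM = re.compile(r":\s+(\w+):\s+from=<([^>]+)>.*relay=[^\[]*\[([\d.]+)\]$")

# Constructed sample lines (documentation addresses), not from a real log.
SAMPLE = """\
Jan 30 17:01:02 mail sendmail[2101]: h0UN12ab002101: <nosuch@example.org>... User unknown
Jan 30 17:01:02 mail sendmail[2101]: h0UN12ab002101: <nobody@example.org>... User unknown
Jan 30 17:01:03 mail sendmail[2101]: h0UN12ab002101: from=<a@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Jan 30 17:05:10 mail sendmail[2150]: h0UN55cd002150: from=<b@example.com>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Jan 30 17:05:11 mail sendmail[2151]: h0UN55cd002150: to=<ghost@example.org>, delay=00:00:01, mailer=local, pri=30812, dsn=5.1.1, stat=User unknown
Jan 30 17:09:40 mail sendmail[2202]: h0UN99ef002202: from=<c@example.com>, size=500, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.com [203.0.113.5]
Jan 30 17:09:41 mail sendmail[2203]: h0UN99ef002202: to=<real@example.org>, delay=00:00:01, mailer=local, pri=30500, dsn=2.0.0, stat=Sent
""".splitlines()

def correlate(lines):
    """One pass: (sender, recipient, relay_ip) per 'User unknown' line."""
    relay_by_id = {}  # queue ID -> (sender, relay IP)
    pending = {}      # queue ID -> recipients logged before the from= line
    hits = []
    for line in lines:
        m = FROM.search(line)
        if m:
            qid, sender, ip = m.groups()
            relay_by_id.setdefault(qid, (sender, ip))
            hits += [(sender, rcpt, ip) for rcpt in pending.pop(qid, [])]
            continue
        m = UNKNOWN.search(line)
        if m:
            qid, rcpt = m.groups()
            if qid in relay_by_id:
                sender, ip = relay_by_id[qid]
                hits.append((sender, rcpt, ip))
            else:
                pending.setdefault(qid, []).append(rcpt)
    return hits

def count_by_relay(hits):
    """Tally unknown-user recipients per relay IP to rank block candidates."""
    return Counter(ip for _, _, ip in hits)

if __name__ == "__main__":
    for ip, n in count_by_relay(correlate(SAMPLE)).most_common():
        print(f"{n:4d} unknown-user recipients via relay {ip}")
```

To run it over real logs, pass an open file handle for /var/log/maillog to correlate() in place of SAMPLE.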