Re: Unknown User message in sendmail maillog.
Remember, there are no stupid questions, only stupid people. I love
South Park.
I think that the reasoning behind this is to give it a true variable name
and space instead of using $_ as you would need to do with the "while
(<>)". Also, by array loading this, you are able to call back into the
array instead of losing it once it has gone by; you can do a $foo[16]
whereas you can't do a $_[16]. If you can though, tell me; I have a
shitton of scripts that I can rewrite.
Tighe
> However, I do have a possibly stupid question. Won't this approach read
> the entire log file into memory before using it? In fact if you did it
> against /var/log/maillog* wouldn't it read the contents of every maillog
> file into memory all at once, and then proceed to start going through
> them line by line? Wouldn't it be more efficient to do something like
>
> while (<>)
> {
> ...
> }
>
> instead of
>
> @foo=<>;
>
> for my $bar (@foo)
> {
> ...
> }
>
> There is a comment on page 18 of the Camel book that sort of subtly mentions this in a not very clear sort of a way.
>
>
> -----Original Message-----
> From: Steven Pritchard [mailto:steve@silug.org]
> Sent: Friday, January 31, 2003 9:36 AM
> To: silug-discuss@silug.org
> Cc: luci-discuss@luci.org
> Subject: Re: Unknown User message in sendmail maillog.
>
>
> On Thu, Jan 30, 2003 at 05:35:27PM -0600, Aaron Cronkright wrote:
> > My problem is that I can't seem to find the log entry that gives me
> > the ip addr and/or hostname of the computer doing this. Anyone have a
> > finger to point me in the proper direction so I can block this bozo at
> > the firewall?
>
> Try the following (admittedly inefficient) script against
> /var/log/maillog*:
>
> #!/usr/bin/perl
>
> @foo=<>;
>
> for my $bar (@foo) {
>     if ($bar =~ /sendmail\[\d+\]:\s+(\w+):\s+.*\<([^\>]+)\>.*User unknown$/) {
>         my $id=$1;
>         my $to=$2;
>         for my $baz (grep { /:\s+$id:/ } @foo) {
>             if ($baz =~ /:\s+$id:\s+from=\<([^\>]+)\>.*relay=[^\[]*\[([\d\.]+)\]$/) {
>                 print "from=<$1> to=<$to> relay=<$2>\n";
>                 last;
>             }
>         }
>     }
> }
>
> Hmm... Looks like I'll need to make an optimization pass before I can
> effectively use that myself. It's taking a *really* long time to run
> on the mail server here. :-)
>
> Steve
>
--
Tighe Schlottog workape fiaid
"Nothing is too cruel if it is funny enough."
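
The `while (<>)` versus `@foo=<>` question in this thread, as an added example that is not part of either poster's message: a single-pass version of the correlation that keeps only per-queue-ID state in hashes instead of holding the whole log in an array. The sub names, the tolerance for an empty `from=<>`, and the sample log lines under `__DATA__` are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example: one pass over the log, correlating on the sendmail queue ID.
use strict;
use warnings;

my %sender;    # queue ID => [envelope sender, relay IP]
my %pending;   # queue ID => recipients rejected before the from= line was seen

sub report {
    my ($id, $to) = @_;
    my ($from, $relay) = @{ $sender{$id} };
    print "from=<$from> to=<$to> relay=<$relay>\n";
}

sub scan {
    my ($line) = @_;
    return unless $line =~ /sendmail\[\d+\]:\s+(\w+):\s+(.*)$/;
    my ($id, $rest) = ($1, $2);
    # [^>]* rather than [^>]+ so a null sender (from=<>) is still recorded.
    # Like the quoted script, this only captures dotted-quad relay addresses.
    if ($rest =~ /^from=<([^>]*)>.*relay=[^\[]*\[([\d.]+)\]/) {
        $sender{$id} = [$1, $2];
        # Flush any "User unknown" lines that were logged before this one.
        report($id, $_) for @{ delete $pending{$id} || [] };
    }
    elsif ($rest =~ /<([^>]+)>.*User unknown$/) {
        if ($sender{$id}) { report($id, $1) }
        else              { push @{ $pending{$id} }, $1 }
    }
}

# Memory use is one small hash entry per queue ID, not one scalar per line.
if (@ARGV or !-t STDIN) {
    while (my $line = <>) { scan($line) }   # e.g. script.pl /var/log/maillog*
}
else {
    scan($_) for <DATA>;                    # no input given: use the sample
}

# Everything below __DATA__ is constructed sample input, not real log data.
__DATA__
Jan 30 17:35:20 mx sendmail[411]: h0UNZKx00411: <nobody@example.org>... User unknown
Jan 30 17:35:21 mx sendmail[411]: h0UNZKx00411: from=<spam@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=host.example.net [192.0.2.10]
Jan 30 17:36:02 mx sendmail[415]: h0UNa1x00415: from=<ok@example.com>, size=812, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=mail.example.com [198.51.100.7]
Jan 30 17:36:03 mx sendmail[416]: h0UNa1x00415: to=<gone@example.org>, delay=00:00:01, mailer=local, dsn=5.1.1, stat=User unknown
```

Because either line of a pair may be logged first, unmatched recipients wait in `%pending` until the matching `from=` line arrives.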