GREPing Maillog

Josh Kidd jkidd at afflink.com
Wed Oct 1 16:59:54 IST 2008


May not be the best place to submit this question but wondered if anyone
had any suggestions on how I could find an entry in my maillog and then
copy that line and the next 4 lines into a text file. 

 

I know I can grep on the string I'm looking for,
grep "Message delivery request rate limit exceeded" /var/log/maillog,
but I also want to record the statistics after that, then somehow copy
all of it into a file that I can access to show me what IPs may be
abusing our server (don't mind the limit below, it's low for testing).
I'm using the Postfix anvil daemon to record these statistics; that
seems to be working fine, but we want to know if there is a computer
that is sending out more than our pre-determined limit in case that
computer has been infected.

The server is FreeBSD 7, with Postfix, MailScanner (ClamAV and SA), and
MailWatch. The log entries I'm looking for are these.

Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message delivery request rate limit exceeded: 6 from unknown[10.30.0.11] for service smtp
Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from unknown[10.30.0.11]
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection count 1 for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max message rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
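
An added example, not part of the original post: one way to pull each rate-limit warning plus the 4 lines after it (what `grep -A 4` does where grep supports `-A`) and to count warnings per client IP. The function names, the script name and the extra sample lines are assumptions made for illustration.

```sh
#!/bin/sh
PATTERN='Message delivery request rate limit exceeded'

# Print each matching warning plus the 4 log lines after it. A new match
# inside the window restarts the count, so no line is printed twice.
extract_context() {
    awk -v pat="$PATTERN" '
        index($0, pat) { n = 5 }
        n > 0 { print; n-- }
    ' "$1"
}

# Print "count ip" for each client that tripped the limit, busiest first.
offenders() {
    awk -v pat="$PATTERN" '
        index($0, pat) && match($0, /\[[0-9a-fA-F.:]+\] for service/) {
            ip = substr($0, RSTART + 1)   # skip the "[" of name[ip]
            sub(/\].*/, "", ip)           # cut at the closing "]"
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample: the five entries from the post, unwrapped, plus
# made-up neighbouring lines and a made-up second client, 10.30.0.14.
write_sample() {
    cat > "$1" <<'EOF'
Sep 28 17:41:20 fred postfix/smtpd[38086]: connect from unknown[10.30.0.11]
Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message delivery request rate limit exceeded: 6 from unknown[10.30.0.11] for service smtp
Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from unknown[10.30.0.11]
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection count 1 for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max message rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:45:00 fred postfix/smtpd[38100]: connect from unknown[10.30.0.14]
Sep 28 17:45:03 fred postfix/smtpd[38100]: warning: Message delivery request rate limit exceeded: 6 from unknown[10.30.0.14] for service smtp
Sep 28 17:45:04 fred postfix/smtpd[38120]: warning: Message delivery request rate limit exceeded: 7 from unknown[10.30.0.11] for service smtp
EOF
}

# Usage: sh ratelimit.sh /var/log/maillog > report.txt (hypothetical names).
# With no argument the constructed sample is used.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp) && trap 'rm -f "$log"' EXIT
    write_sample "$log"
fi
extract_context "$log"
offenders "$log"
```

The anvil statistics lines are written by a separate process, so on a busy server the 4 lines after a warning may include entries from unrelated sessions; the per-IP count relies only on the warning line itself.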

 

 
