GREPing Maillog

Rick Cooper rcooper at dwford.com
Wed Oct 1 18:17:00 IST 2008


Don't know about FreeBSD, but plain ol' grep -A would be what you are
looking for. grep -A 4 something maillog will return what you are looking
for plus the next four lines. If there is more than one match, the matches
will be separated by a line of "---" chars. Of course you can redirect
output to a file as normal, or you can pipe through tee if you want it going
to stdout and a file(s).
Rick



From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Josh Kidd
Sent: Wednesday, October 01, 2008 12:00 PM
To: mailscanner at lists.mailscanner.info
Subject: GREPing Maillog



This may not be the best place to submit this question, but I wondered if anyone had
any suggestions on how I could find an entry in my maillog and then copy
that line and the next 4 lines into a text file.


I know I can grep on the string I'm looking for, "grep Message delivery
request rate limit exceeded /var/log/maillog", but I also want to record the
statistics after that and then somehow copy all of it into a file that I can
access to show me what IPs may be abusing our server (don't mind the limit
below; it's low for testing). I'm using the Postfix anvil daemon to record
these statistics. That seems to be working fine, but we want to know if there
is a computer that is sending out more than our pre-determined limit in case
that computer has been infected.


The server is FreeBSD 7, with Postfix, MailScanner (ClamAV and SA), and
MailWatch. The log entries I'm looking for are these:


Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message delivery request
rate limit exceeded: 6 from unknown[10.30.0.11] for service smtp

Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from
unknown[10.30.0.11]

Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection rate
6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24

Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection count
1 for (smtp:10.30.0.11) at Sep 28 17:41:24

Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max message rate
6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24


-- 
This message has been scanned for viruses and 
dangerous content by  <http://www.mailscanner.info/> MailScanner, and is 
believed to be clean. 


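The procedure discussed in this thread, worked through as an added example (this is code written for this page, not from either poster and not part of Postfix or MailScanner): Rick's grep -A 4 to pull each rate-limit warning plus the four following lines, and on top of that a summary of which client IPs tripped the limit and what their peak anvil message rate was, which is what Josh says he wants the file for. The sample log is constructed from the lines Josh quoted; the second client 10.30.0.42, the extra connect/disconnect lines, and the threshold argument are assumptions added for illustration. It uses only grep, awk, sort and uniq, which are in FreeBSD's base system as well as on Linux.

```shell
#!/bin/sh
# Added example: extract Postfix/anvil rate-limit events from a maillog and
# summarize the offending client IPs. Not from the original thread.

# Constructed sample maillog, modelled on the lines quoted in the thread.
# 10.30.0.42 and the connect/disconnect lines are invented for illustration.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Sep 28 17:41:20 fred postfix/smtpd[38086]: connect from unknown[10.30.0.11]
Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message delivery request rate limit exceeded: 6 from unknown[10.30.0.11] for service smtp
Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from unknown[10.30.0.11]
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max connection count 1 for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max message rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24
Sep 28 18:02:01 fred postfix/smtpd[38101]: connect from mail.example.net[192.0.2.25]
Sep 28 18:02:03 fred postfix/smtpd[38101]: disconnect from mail.example.net[192.0.2.25]
Sep 28 18:10:09 fred postfix/smtpd[38120]: warning: Message delivery request rate limit exceeded: 7 from unknown[10.30.0.11] for service smtp
Sep 28 18:10:09 fred postfix/smtpd[38120]: disconnect from unknown[10.30.0.11]
Sep 28 18:10:10 fred postfix/anvil[38088]: statistics: max connection rate 7/30s for (smtp:10.30.0.11) at Sep 28 18:10:09
Sep 28 18:10:10 fred postfix/anvil[38088]: statistics: max connection count 1 for (smtp:10.30.0.11) at Sep 28 18:10:09
Sep 28 18:10:10 fred postfix/anvil[38088]: statistics: max message rate 7/30s for (smtp:10.30.0.11) at Sep 28 18:10:09
Sep 28 18:59:58 fred postfix/smtpd[38130]: connect from unknown[10.30.0.42]
Sep 28 19:00:00 fred postfix/smtpd[38130]: warning: Message delivery request rate limit exceeded: 9 from unknown[10.30.0.42] for service smtp
Sep 28 19:00:00 fred postfix/smtpd[38130]: disconnect from unknown[10.30.0.42]
Sep 28 19:00:01 fred postfix/anvil[38088]: statistics: max connection rate 9/30s for (smtp:10.30.0.42) at Sep 28 19:00:00
Sep 28 19:00:01 fred postfix/anvil[38088]: statistics: max connection count 1 for (smtp:10.30.0.42) at Sep 28 19:00:00
Sep 28 19:00:01 fred postfix/anvil[38088]: statistics: max message rate 9/30s for (smtp:10.30.0.42) at Sep 28 19:00:00
EOF

# Rick's suggestion: each matching line plus the 4 lines after it.
# GNU and BSD grep both support -A; non-adjacent groups are separated by "--".
extract_rate_limit_blocks() {
    grep -A 4 'Message delivery request rate limit exceeded' "$1"
}

# How many times each client tripped the limit, most frequent first.
# The client address is the bracketed part of the token after "from".
summarize_offenders() {
    awk '/Message delivery request rate limit exceeded/ {
            for (i = 2; i <= NF; i++)
                if ($(i-1) == "from") {
                    ip = $i
                    sub(/^.*\[/, "", ip)   # drop "unknown[" or "host.name["
                    sub(/\].*$/, "", ip)   # drop the closing bracket
                    print ip
                }
        }' "$1" | sort | uniq -c | sort -rn
}

# Peak "max message rate" per client from the anvil statistics lines,
# printing only clients whose peak is above the limit given as $2.
peak_message_rates() {
    awk -v limit="$2" '
        /postfix\/anvil\[[0-9]+\]: statistics: max message rate/ {
            # "... max message rate 6/30s for (smtp:10.30.0.11) at ..."
            for (i = 1; i < NF; i++) {
                if ($i == "rate") { split($(i+1), r, "/"); rate = r[1] + 0 }
                if ($i ~ /^\(smtp:/) {
                    ip = $i; sub(/^\(smtp:/, "", ip); sub(/\)$/, "", ip)
                }
            }
            if (rate > peak[ip]) peak[ip] = rate
        }
        END { for (ip in peak) if (peak[ip] > limit) printf "%s %d\n", ip, peak[ip] }
    ' "$1" | sort -k2,2nr
}

# Usage: keep the raw blocks in a report file while still seeing them on
# the terminal (tee), then print the two summaries.
REPORT=$(mktemp)
extract_rate_limit_blocks "$SAMPLE_LOG" | tee "$REPORT"
summarize_offenders "$SAMPLE_LOG"
peak_message_rates "$SAMPLE_LOG" 6
```

Against a real system, replace SAMPLE_LOG with /var/log/maillog (or the rotated maillog.N.bz2 via bzcat) and set the limit to the smtpd_client_message_rate_limit value in use. The grep output keeps the anvil lines only because they happen to follow the warning; the two awk summaries do not rely on that adjacency, so they still work when other clients' log lines are interleaved.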

