<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>May not be the best place to submit this question but
wondered if anyone had any suggestions on how I could find an entry in my
maillog and then copy that line and the next 4 lines into a text file. <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I know I can grep on the string I’m looking for, “grep
Message delivery request rate limit exceeded /var/log/maillog”, but I
also want to record the statistics after that then somehow copy all of it into
a file that I can access to show me what IPs may be abusing our server (don’t
mind the limit below it’s low for testing). I’m using the
Postfix anvil daemon to record these statistics, that seems to be working fine
but we want to know if there is a computer that is sending out more than our
pre-determined limit in case that computer has been infected. <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The server is FreeBSD 7, with Postfix, MailScanner (ClamAV
and SA), and MailWatch. The log entries I’m looking for are these.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Sep 28 17:41:24 fred postfix/smtpd[38086]: warning: Message
delivery request rate limit exceeded: 6 from unknown[10.30.0.11] for service
smtp<o:p></o:p></p>
<p class=MsoNormal>Sep 28 17:41:24 fred postfix/smtpd[38086]: disconnect from
unknown[10.30.0.11]<o:p></o:p></p>
<p class=MsoNormal>Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max
connection rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24<o:p></o:p></p>
<p class=MsoNormal>Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max
connection count 1 for (smtp:10.30.0.11) at Sep 28 17:41:24<o:p></o:p></p>
<p class=MsoNormal>Sep 28 17:41:25 fred postfix/anvil[38088]: statistics: max
message rate 6/30s for (smtp:10.30.0.11) at Sep 28 17:41:24<o:p></o:p></p>
<p class=MsoNormal><i><span style='font-size:13.5pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></i></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>