Extracting The IPs From Exim_rejectlog

Jun 27, 2009

I'm trying to figure out how to pull IPs from exim_rejectlog so I can write them to the firewall deny file. I've got a client under a serious spam attack for over 2 weeks now, the worst I've ever seen. I guess someone went out and submitted his domains or emails at different "spam me" places, and now we are getting incoming emails at like 10-20 per second, non-stop.

We have got the email server rejecting perfectly; very little gets through. Actually only the legit spam, the kind sent from legit servers with no reason for exim to block it, not blacklisted or anything. The emails have unsubscribe links and all.

But we need to get the flow of spam down. Even though it is getting blocked, our log files get huge in no time. The client recently had to pay overages on dnsmadeeasy for so many queries, so we moved the DNS to softlayer.

So now we want to start banning all IPs that send mail that gets rejected, in case it is the same servers spamming him over and over.

To cut the IPs out, it takes f4 and f5, like:

tail -f exim_rejectlog > badips

cut -f4 -d' ' badips

Then it will show IPs for some and the hostname for some, so I guess it's not gonna work to do that.
Example (these are all spam IPs, blacklisted or otherwise, so no innocent person's IP is posted here):

Code:
root@host [/var/log]# cut -f4 -d' ' badips
[187.11.192.214]
(mail.flewid.net)
[63.247.74.226]
[212.38.114.28]
[130.73.108.11]
[130.73.108.11]
[201.233.13.192]
[201.233.13.192]
[187.44.131.201]
(phmexch01.PHM.local)
[62.149.35.16]
[89.211.53.195]
[89.211.53.195]
[189.107.46.191]
[187.44.131.201]
[189.106.158.125]
[64.91.254.149]
(server.adultcustomgoods.com)
[147.97.234.35]
(linux.dnvietnam.com)
[210.242.11.254]
[200.90.147.55]
[200.90.147.55]
(clusterlerss.lerss.fr)
[201.74.26.170]
[200.58.166.164]

As you see, it is mostly IPs but some hostnames, so those cannot be added to csf.deny. So I need just the IPs and NOT the [] chars or hostname.

Here is a sample log excerpt ....
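
One way to get only the connecting IPv4 addresses, with a hit count, out of reject-log lines, as an added example that is not part of the original post. The sample lines are constructed and assume the usual Exim layout of timestamp, H= host field, then the connecting address in brackets; the function names are hypothetical, and IPv6 peers are not handled.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample lines with
# documentation-range addresses, assumed layout:
#   DATE TIME H=[rdns-name] [(helo)] [ip] ... rejected ...
sample_log() {
cat <<'EOF'
2009-06-27 10:15:01 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <user@example.org>: relay not permitted
2009-06-27 10:15:02 H=host.example.com (helo.example.com) [198.51.100.7] F=<b@example.com> rejected RCPT <user@example.org>: listed in DNSBL
2009-06-27 10:15:03 H=(mail.example.net) [192.0.2.10] F=<c@example.net> rejected RCPT <info@example.org>: relay not permitted
2009-06-27 10:15:04 H=([10.9.8.7]) [203.0.113.5] F=<d@example.com> rejected RCPT <user@example.org>: relay not permitted
P Received: from relay.example.com ([198.51.100.77]) by mx.example.org
2009-06-27 10:15:06 H=(bogus) [999.1.1.1] F=<> rejected RCPT <user@example.org>: relay not permitted
2009-06-27 10:15:07 H=(mail.example.net) [192.0.2.10] F=<e@example.net> rejected RCPT <user@example.org>: relay not permitted
EOF
}

# Read reject-log lines on stdin; print "COUNT IP" for each IPv4 address seen
# at least $1 times (default 1), busiest first. Only timestamped "rejected"
# lines count, so relay addresses in logged message headers are ignored.
# The bracket must follow a space or "=", which skips an IP literal inside
# the parenthesised HELO (that value is chosen by the sender).
rejected_ips() {
  awk -v min="${1:-1}" '
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / && / rejected / &&
    match($0, /[ =]\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+]/) {
      ip = substr($0, RSTART + 2, RLENGTH - 3)   # drop the [ ] characters
      split(ip, octet, ".")
      ok = 1
      for (i = 1; i <= 4; i++) if (octet[i] + 0 > 255) ok = 0
      if (ok) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min + 0) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Bare addresses only, one per line, with no brackets and no hostnames.
deny_candidates() {
  rejected_ips "${1:-1}" | cut -d' ' -f2
}

sample_log | rejected_ips 1
```

Against a real log, run it as `deny_candidates 5 < exim_rejectlog` and review the list before adding anything to csf.deny, keeping your own relays and management addresses out of it.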


WAR File Not Self Extracting

Jun 18, 2009

I have a new installation running tomcat in WHM and it works fine for manually uploaded files.

But the user has uploaded a .war file that supposedly should autoextract, but it doesn't.

The file is located in the public_html folder. Is there something additional I should do for this to work?
