[BlueOnyx:10749] sendmail log commands?

Gregg greggk1 at cox.net
Thu Jun 7 16:04:09 -05 2012


A month or so ago there were discussions regarding trojans and backdoors and
checking your logs for who is sending email.

There was one particular command that was given that seemed like it could
work nicely:

One way to find who is sending the most e-mails is to use this command: 
cat /var/log/maillog | grep from | cut -d " " -f7 | uniq -c | sort -nr | less


I tried using that command on my system and it didn't give me the users that
were sending out email but rather the actual files that are in the mqueue
folder. So something like q57L4NQU004856. I assume that is not the way it's
supposed to work :)

Is there something wrong with that command? Are there any useful commands
that you guys use to check out on your systems? :)


Thanks.

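The pipeline quoted in the post above, and why it returns queue IDs, as an added example that is not part of the original post or of BlueOnyx itself. syslog pads single-digit days with a space ("Jun  7"), and cut -d " " counts the empty field between those two spaces, so on days 1 through 9 every field is shifted right by one and field 7 is the sendmail queue ID rather than the from= token. The pipeline also has two smaller problems: grep from matches any line containing that substring, and uniq -c only merges adjacent duplicates, so it must come after a sort. The function below pulls the envelope sender with sed instead, which is not affected by the padding, and keeps a second function that shows field 7 the way the original command sees it. The maillog lines, host name, queue IDs and addresses are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Counts sendmail envelope
# senders in a maillog. SAMPLE_MAILLOG is a constructed sample, not a real log;
# on a server you would run:  top_senders < /var/log/maillog

SAMPLE_MAILLOG="$(cat <<'EOF'
Jun  7 15:04:23 web1 sendmail[4856]: q57L4NQU004856: from=<alice@example.com>, size=1234, class=0, nrcpts=1, msgid=<a1@example.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun  7 15:04:24 web1 sendmail[4857]: q57L4NQU004856: to=<bob@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31234, relay=mx.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent
Jun  7 15:05:01 web1 sendmail[4901]: q57L51xx004901: from=apache, size=512, class=0, nrcpts=1, msgid=<b1@web1>, relay=apache@localhost
Jun  7 15:05:02 web1 sendmail[4903]: q57L52yy004903: from=apache, size=520, class=0, nrcpts=1, msgid=<b2@web1>, relay=apache@localhost
Jun 12 08:10:44 web1 sendmail[5120]: q5C8AiZZ005120: from=<alice@example.com>, size=800, class=0, nrcpts=1, msgid=<c1@example.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun 12 08:11:00 web1 sendmail[5130]: q5C8B0AA005130: from=<>, size=2000, class=0, nrcpts=1, msgid=<bounce@web1>, relay=localhost
EOF
)"

# Read a maillog on stdin and print "count sender", most frequent first.
# sed keeps only the value after "from=" up to the next comma, so the
# space-padded day in the timestamp cannot shift the field the way it does
# with cut -d " " -f7. sort runs before uniq -c so that uniq counts every
# occurrence, not only adjacent ones. Local submissions (from=apache) and
# bounces (from=<>) are kept, since a web shell sending mail shows up as
# the web server user.
top_senders() {
    sed -n 's/^.*: from=\([^,]*\),.*$/\1/p' | sort | uniq -c | sort -rn
}

# The sender count over the constructed sample.
top_senders_sample() {
    printf '%s\n' "$SAMPLE_MAILLOG" | top_senders
}

# Field 7 as the original pipeline sees it, over the same sample: the queue
# ID on Jun 7 (single-digit day, two spaces), the from= token on Jun 12.
field7_sample() {
    printf '%s\n' "$SAMPLE_MAILLOG" | grep from | cut -d " " -f7
}

top_senders_sample
```

Running it on the sample prints two lines with a count of 2 (apache and alice@example.com) and one line with a count of 1 (the empty bounce sender), while field7_sample shows four of its five lines as queue IDs or the wrong token. On a real host, a high count for the web server user with relay=apache@localhost is the pattern worth investigating; the queue IDs printed by the original pipeline are still useful, since `grep q57L4NQU004856 /var/log/maillog` shows the from= and to= lines for that message.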