[BlueOnyx:17398] Re: Detecting compromised mail accounts

Gustavo Silva beatwiz at gmail.com
Thu Apr 2 01:30:21 -05 2015


Maybe I digressed a bit in my last email, I do that a lot, so please
forgive me for the excessive non-related info, that will probably kill your
server and then make me feel bad! :D

Staying on topic, log checking is great and even if you can't get stuff to
show up on the GUI, you can at the very least work up shell scripts that can
be added to cron, which will send you an alert when certain thresholds are
hit, or let's say a daily statistic.

Hope this helps!
Gustavo

2015-04-02 7:24 GMT+01:00 Gustavo Silva <beatwiz at gmail.com>:

> Yeah, I used to run a bunch of shell scripts that actually walk through the
> logs and show the count of incoming/outgoing mail for distinct emails.
>
> As an example, this one uses ctladdr to check who sent how many emails in
> the last 9999 log lines
>
> tail -9999 /var/log/maillog | grep "ctladdr" | awk -F',' '{ print $2 }' |
> awk '{ print $1 }' | grep ctladdr | sort | uniq -c
>
> Anyway, in my personal experience I find it best to limit the email rates
> at sendmail milter level and only allow a certain number of emails to get
> in/out per hour, because when an account gets spammed most of the time it's
> overnight; you only realize it in the morning when your IP address is
> already on all spam lists and 300 people are calling at the same time.
>
> So IMHO it's best to enforce some strict guerrilla tactics if you're dealing
> with spammy customers, like lowering the number of CC/BCC addresses at
> sendmail level and implementing some milter-limit.
>
> ^^^^^^^ This is bound to break things if not done properly and might not
> survive a version update! I'm just sharing my experience and a different
> view on things :D
>
> Good luck!
>
>
>
> 2015-04-02 6:47 GMT+01:00 Tigerwolf <tigerwolf at tigerden.com>:
>
>> On Wed, 1 Apr 2015, Jeff Keller wrote:
>>
>> > Is there no way to get "top senders" (either by user or domain) from the
>> > GUI?
>>
>> I don't know of anything off the shelf, but if you trust the sendmail logs
>> to reflect who sends what, I'd think a script to parse the log by sender,
>> then count the results along the general idea of:
>>
>>      for username in $userlist; do
>>        echo "$username"
>>        grep -c "from=$username" /var/log/maillog
>>      done
>>
>> If you want to see it from a browser, then just make an HTML template page
>> and have the script stuff its output into the template.
>>
>>
>
>
>
> --
> Um abraço,
> Gustavo
>



-- 
Um abraço,
Gustavo
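
The cron-driven threshold alert described in this message, built on the quoted ctladdr one-liner, as an added example that is not part of the original post. The variable names and defaults, the `--cron` switch and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-sender counts from sendmail's ctladdr field, with a
# threshold alert for cron. MAILLOG, LINES_BACK, THRESHOLD and ALERT_TO
# are assumed names and values; tune them for your server.
MAILLOG="${MAILLOG:-/var/log/maillog}"
LINES_BACK="${LINES_BACK:-9999}"
THRESHOLD="${THRESHOLD:-200}"
ALERT_TO="${ALERT_TO:-root}"

# Constructed sample lines (not taken from a real server).
sample_log() {
cat <<'EOF'
Apr  2 01:10:01 mx sendmail[101]: t321A1: to=<a@example.net>, ctladdr=<bob@example.com> (500/500), stat=Sent
Apr  2 01:10:02 mx sendmail[102]: t321A2: to=<b@example.net>,<c@example.net>, ctladdr=<bob@example.com> (500/500), stat=Sent
Apr  2 01:10:03 mx sendmail[103]: t321A3: to=<d@example.net>, ctladdr=<bob@example.com> (500/500), stat=Sent
Apr  2 01:11:00 mx sendmail[104]: t321A4: to=<e@example.net>, ctladdr=<alice@example.com> (501/501), stat=Sent
Apr  2 01:11:05 mx sendmail[105]: t321A5: from=<x@example.org>, size=900, nrcpts=1, relay=[192.0.2.7]
EOF
}

# Print "count sender" for every ctladdr in the log text on stdin.
# The field is matched directly, not by comma position, so a line with
# several recipients in to= is still attributed to its sender.
count_senders() {
    sed -n 's/.*ctladdr=<\{0,1\}\([^<>, ]*\).*/\1/p' | sort | uniq -c | sort -rn
}

# Print only the senders whose count exceeds the limit given as $1.
over_threshold() {
    awk -v max="$1" '$1 > max { print $2 " sent " $1 " messages" }'
}

# Cron entry point: mail a report only when someone is over the limit.
check_maillog() {
    report=$(tail -n "$LINES_BACK" "$MAILLOG" | count_senders | over_threshold "$THRESHOLD")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | mail -s "Mail volume alert on $(hostname)" "$ALERT_TO"
}

# "--cron" checks the real log; with no argument, show the sample result.
if [ "${1:-}" = "--cron" ]; then
    check_maillog
else
    sample_log | count_senders | over_threshold 2
fi
```

Run from cron with `--cron` at an interval short enough that an overnight burst is reported before morning; the window covered is whatever `LINES_BACK` lines of the log span.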