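This lists the 20 IP addresses that appear most often in the last 3000 lines of the Exim main log, which approximates the IPs that made the most connections to the mail server. The count is of log lines whose first bracketed field is that IP, not of distinct connections. (The leading # on the command lines is the root shell prompt, not part of the command.)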
#tail -3000 /var/log/exim_mainlog |grep '[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*' | awk -F\[ {'print $2'} |awk -F\] {'print $1'} | sort | uniq -c | sort -k 1 -nr | head -n 20
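If an IP has more than 100 connections, block it in csf. Before blocking, check that the address is not the server's own IP, localhost, or a legitimate relay or mail provider: the figure comes from a 3000-line window of the log, so a busy legitimate sender can exceed it too.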
#csf -d x.x.x.x {mailspammer}
#tail -3000 /var/log/exim_mainlog |grep '[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*' | awk -F\[ {'print $2'} |awk -F\] {'print $1'} | sort | uniq -c | sort -k 1 -nr | head -n 20
If an IP has more than 100 connections, block it in csf.
#csf -d x.x.x.x {mailspammer}