Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 215

Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 216

Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 217

Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 218

Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 219

Warning: Cannot modify header information - headers already sent by (output started at /home/destefa1/public_html/nf/function.php:1) in /home/destefa1/public_html/nf/function.php on line 220
#!/bin/bash ########################################################## # Script to find the spamming via smtp authentication # Author : Priya ######################################################## SPAMTEST=$(perl -lsne '/$day.*\[([0-9.]+)\]:.+dovecot_(?:login|plain):([^\s]+).* for (.*)/ and $sender{$2}{r}+=scalar (split / /,$3) and $sender{$2}{i}{$1}=1; END {foreach $sender(keys %sender){printf"Rcpn %d Hosts %03d Auth %s\n",$sender{$sender}{r},scalar (keys %{$sender{$sender}{i}}),$sender;}}' -- -day="$(date +"%F %H" -d "1 hour ago")" /var/log/exim_mainlog | sed 's/^Rcpn \(\S*\).*Auth \(\S*\).*$/\1 mails sent authed as \2/g' |sort -n | awk '{ if ($1>150) print $0}') if [[ -n "$SPAMTEST" ]]; then echo "WARNING: Possible compromised mail accounts sending high volumes recently: $SPAMTEST" exit 1 else echo "OK: No compromised accounts found in the mail log" exit 0 fi