[Novalug] More on spam-fighting
DonJr
djr1952@hotpop.com
Fri Mar 7 04:02:46 EST 2008
On Fri, 2008-03-07 at 01:40 -0500, unix@bikesn4x4s.com wrote:
> On Wed, March 5, 2008 11:33 pm, DonJr wrote:
> > On Wed, 2008-03-05 at 22:02 -0500, Paul wrote:
> >> On Mon, March 3, 2008 1:30 pm, David A. Cafaro wrote:
> >> > You make the change in your main.cf file (for postfix):
> >> >
<SNIP see archives>
> >> Cause right now, the "sbl-xbl.spamhaus.org" was't doing to great:
> >> # awk '/reject/ && /spamhaus/ && /Mar [4-5]/' maillog | wc -l;awk
> >> '/reject/ && /sorbs/ && /Mar [4-5]/' maillog | wc -l
> >> 4
> >> 9
> >
> > Why don't you get your count by:
> > # awk '/reject/ && /Mar [4-5]/{shs+=($0 ~ /spamhaus/); sbs+=($0 ~
> > /sorbs/);}END{print "spamhaus =",shs;print "sorbs =",sbs;}' maillog
> >
> > Which only reads through the 'maillog' file one time.
>
> I'm still soaking that one in, nice. I'm testing 3 lists now, and so far,
> spamhaus is kick'n ars. Looks like I be dropping sorbs very soon.
>
> I add to yours:
> # awk '/reject/ && /Mar [6-9]/{shs+=($0 ~ /spamhaus/);dbl+=($0
> ~/dbl/);sbs+=($0 ~/sorbs/);}END{print "spamhaus =",shs;print "sorbs
> =",sbs;print "dsbl =",dbl;}' maillog
> spamhaus = 12
> sorbs = 0
> dsbl = 0
>
> It's always fun to read other's resolve. I'm used to just whipping scrips
> up so fast on the fly, that I usually don't have time to find better ways,
> but here is another that comes to my mind:
>
> # VAR=`awk '/reject/ && /Mar [6-9]/' maillog`;echo $VAR | sed 's/\ /\n/g'
> | grep zen.spamhaus.org | wc -l;echo $VAR | sed 's/\ /\n/g' | grep
> list.dsbl.org |wc -l;echo $VAR | sed 's/\ /\n/g' | grep dnsbl.sorbs.net |
> wc -l
> 13
> 0
> 0
>
> But your's is definitely more clean and less convoluted than mine. I need
> to soak it all in for a bit. ;->
Then how about
VAR=$(grep -c 'reject.*Mar [4-5]' maillog | sed 's/\ /\n/g');
echo $VAR | grep --count zen.spamhaus.org;
echo $VAR | grep --count dnsbl.sorbs.net;
"man grep"
-c, --count
Suppress normal output; instead print a count of matching lines
for each input file.
And yes I do type lines like this in on the fly at times.
--
DonJr
More information about the Novalug
mailing list