[Novalug] More on spam-fighting

rosejw@cox.net rosejw@cox.net
Fri Mar 7 12:18:53 EST 2008


---- Paul <unix@bikesn4x4s.com> wrote: 
> On Fri, March 7, 2008 11:12 am, DonJr wrote:
> > On Fri, 2008-03-07 at 09:58 -0500, unix@bikesn4x4s.com wrote:
> >> On Fri, March 7, 2008 4:02 am, DonJr wrote:
> >> > On Fri, 2008-03-07 at 01:40 -0500, unix@bikesn4x4s.com wrote:
> >> >> On Wed, March 5, 2008 11:33 pm, DonJr wrote:
> >> >> > On Wed, 2008-03-05 at 22:02 -0500, Paul wrote:
> >> >> >> On Mon, March 3, 2008 1:30 pm, David A. Cafaro wrote:
> >> >> >> > You make the change in your main.cf file (for postfix):
> >> >> >> >
> >> >  <SNIP see archives>
> >> >
> >> >> >> Cause right now, the "sbl-xbl.spamhaus.org" was't doing to great:
> >> >> >> # awk '/reject/ && /spamhaus/ && /Mar  [4-5]/' maillog | wc -l;awk
> >> >> >> '/reject/ && /sorbs/ && /Mar  [4-5]/' maillog | wc -l
> >> >> >> 4
> >> >> >> 9
> >> >> >
> >> >> > Why don't you get your count by:
> >> >> >  # awk '/reject/ && /Mar  [4-5]/{shs+=($0 ~ /spamhaus/); sbs+=($0 ~
> >> >> > /sorbs/);}END{print "spamhaus =",shs;print "sorbs =",sbs;}'
> >> maillog
> >> >> >
> >> >> > Which only reads through the 'maillog' file one time.
> >> >>
> >> >> I'm still soaking that one in, nice.  I'm testing 3 lists now, and so
> >> >> far,
> >> >> spamhaus is kick'n ars.  Looks like I be dropping sorbs very soon.
> >> >>
> >> >> I add to yours:
> >> >> # awk '/reject/ && /Mar  [6-9]/{shs+=($0 ~ /spamhaus/);dbl+=($0
> >> >> ~/dbl/);sbs+=($0 ~/sorbs/);}END{print "spamhaus =",shs;print "sorbs
> >> >> =",sbs;print "dsbl =",dbl;}'  maillog
> >> >> spamhaus = 12
> >> >> sorbs = 0
> >> >> dsbl = 0
> >> >>
> >> >> It's always fun to read other's resolve.  I'm used to just whipping
> >> >> scrips
> >> >> up so fast on the fly, that I usually don't have time to find better
> >> >> ways,
> >> >> but here is another that comes to my mind:
> >> >>
> >> >> # VAR=`awk '/reject/ && /Mar  [6-9]/' maillog`;echo $VAR | sed 's/\
> >> >> /\n/g'
> >> >> | grep zen.spamhaus.org | wc -l;echo $VAR | sed 's/\ /\n/g' | grep
> >> >> list.dsbl.org |wc -l;echo $VAR | sed 's/\ /\n/g' | grep
> >> dnsbl.sorbs.net
> >> >> |
> >> >> wc -l
> >> >> 13
> >> >> 0
> >> >> 0
> >> >>
> >> >> But your's is definitely more clean and less convoluted than mine.  I
> >> >> need
> >> >> to soak it all in for a bit.  ;->
> >> >
> >> > Then how about
> >> >   VAR=$(grep -c 'reject.*Mar  [4-5]' maillog | sed 's/\ /\n/g');
> >> >   echo $VAR | grep --count zen.spamhaus.org;
> >> >   echo $VAR | grep --count dnsbl.sorbs.net;
> >> >
> >> > "man grep"
> >> >    -c, --count
> >> >      Suppress normal output; instead print a count of matching lines
> >> >      for each input file.
> >> >
> >> >
> >> > And yes I do type lines like this in on the fly at times.
> >>
> >> OK, rub it in.  I'll be there some day.  Thanks for that one, I like it.
> >> I missed that one,  Was doing all kind of man pages last night, lol.
> >> OK,
> >> now off to my virtual class...
> >
> > Except that last grep version has an ERROR and would always output only:
> >  0
> >  0
> >
> > Can anyone see why? <GRIN>
> 
> The asterisk within the tics?  Haven't tried it yet.
> 
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug

No, the first grep -c that defines $VAR will assign a number to $VAR, therefore the subsequent greps won't find anything, therefore wc -l will output 0.




More information about the Novalug mailing list