[wellylug] Extracting IPs from spambucket
Rob Stockley
robstockley at mowgli.net.nz
Wed Dec 17 21:22:02 NZDT 2003
Today I've been messing with RBL and postfix. It all seems to work as
advertised. Now I'm looking at a local hash table of IPs gleaned from
messages that slip through the cracks.
I have been using spamassassin for a while now. It's been a few months
since I had a clean out and the spambucket consists of 9.3M of wasted
space. I've been experimenting with ways of extracting the source IPs
from this file.
I've googled a bit and run round in circles trying to find the right
search terms. Either no one has done what I'm doing (unlikely) or it's
got a common name that I've never heard of.
After a bit of playing I've got the following: Pipe the file through
this command line:

    |formail -c -s script.sh | sort | uniq > list_of_bad_ips

The file script.sh contains the following:

    #!/bin/sh
    # Script to extract source IP from mail message
    formail -U "Received" | formail -x "Received" \
    | sed "s/^.*\[//" | sed "s/\].*$//"
    # end of script.sh

It works but this approach feels like I'm using a crowbar to open a can
of sardines. Is there an easier way?
Eventually I'll set it up as a cron job to be run in the wee hours. I'm
very interested in what other LUGers are doing in this regard.
Rob
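
An added example, not part of the original post: a single awk pass over the mbox that unfolds each message's Received headers and prints the first public bracketed IPv4 address, reading from the top down. It starts at the top because any Received line below the one your own server added arrived with the message and may be forged. The function names are hypothetical, and it assumes the receiving server writes the client address in square brackets, as Postfix does.

```shell
#!/bin/sh
# Added example: first public IPv4 literal in each message's Received headers.
extract_relay_ips() {
    awk '
    function scan(s,    ip, o, a, b, bad) {   # try each [a.b.c.d] in one header
        while (match(s, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
            ip = substr(s, RSTART + 1, RLENGTH - 2)
            s = substr(s, RSTART + RLENGTH)
            split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
            bad = (a > 255 || b > 255 || o[3] + 0 > 255 || o[4] + 0 > 255)
            # skip loopback and RFC 1918 hops (local filters, LAN relays)
            if (a == 0 || a == 10 || a == 127 || (a == 192 && b == 168)) bad = 1
            if (a == 172 && b >= 16 && b <= 31) bad = 1
            if (!bad) { print ip; found = 1; return }
        }
    }
    function flush_hdr() {                    # one complete, unfolded header
        if (!found && tolower(hdr) ~ /^received:/) scan(hdr)
        hdr = ""
    }
    /^From / { flush_hdr(); in_hdr = 1; found = 0; next }  # mbox separator
    !in_hdr  { next }                                       # skip bodies
    /^$/     { flush_hdr(); in_hdr = 0; next }              # end of headers
    /^[ \t]/ { hdr = hdr " " $0; next }                     # folded line
             { flush_hdr(); hdr = $0 }
    END      { flush_hdr() }
    '
}

bad_ip_list() { extract_relay_ips | sort -u; }   # same shape as list_of_bad_ips
sample_mbox() {   # constructed messages, documentation address ranges only
cat <<'EOF'
From a@example.com Wed Dec 17 21:00:00 2003
Received: from localhost (localhost [127.0.0.1])
    by mx.example.net (Postfix) with ESMTP id AAAA
Received: from dsl-host.example (unknown [203.0.113.7])
    by mx.example.net (Postfix) with SMTP id BBBB
Received: from bank.example ([192.0.2.99]) by relay.invalid
Subject: constructed sample 1

body text

From b@example.org Wed Dec 17 21:05:00 2003
Received: from mail.example.org (mail.example.org
    [198.51.100.23]) by mx.example.net (Postfix) with ESMTP id CCCC
Subject: constructed sample 2

Received: from body.text ([192.0.2.1]) is not a header
EOF
}
```

After sourcing the file, `bad_ip_list < spambucket > list_of_bad_ips` gives the same kind of list as the pipeline above. Look the list over before loading it into a reject table, since a forwarding relay or mailing-list server you rely on can show up in it.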