[Novalug] More on spam-fighting

Fri Mar 7 11:12:44 EST 2008

On Fri, 2008-03-07 at 09:58 -0500, unix at bikesn4x4s.com wrote:
> On Fri, March 7, 2008 4:02 am, DonJr wrote:
> > On Fri, 2008-03-07 at 01:40 -0500, unix at bikesn4x4s.com wrote:
> >> On Wed, March 5, 2008 11:33 pm, DonJr wrote:
> >> > On Wed, 2008-03-05 at 22:02 -0500, Paul wrote:
> >> >> On Mon, March 3, 2008 1:30 pm, David A. Cafaro wrote:
> >> >> > You make the change in your main.cf file (for postfix):
> >> >> >
> >  <SNIP see archives>
> >
> >> >> Cause right now, the "sbl-xbl.spamhaus.org" was't doing to great:
> >> >> # awk '/reject/ && /spamhaus/ && /Mar  [4-5]/' maillog | wc -l;awk
> >> >> '/reject/ && /sorbs/ && /Mar  [4-5]/' maillog | wc -l
> >> >> 4
> >> >> 9
> >> >
> >> > Why don't you get your count by:
> >> >  # awk '/reject/ && /Mar  [4-5]/{shs+=($0 ~ /spamhaus/); sbs+=($0 ~
> >> > /sorbs/);}END{print "spamhaus =",shs;print "sorbs =",sbs;}'  maillog
> >> >
> >> > Which only reads through the 'maillog' file one time.
> >>
> >> I'm still soaking that one in, nice.  I'm testing 3 lists now, and so
> >> far,
> >> spamhaus is kick'n ars.  Looks like I be dropping sorbs very soon.
> >>
> >> I add to yours:
> >> # awk '/reject/ && /Mar  [6-9]/{shs+=($0 ~ /spamhaus/);dbl+=($0
> >> ~/dbl/);sbs+=($0 ~/sorbs/);}END{print "spamhaus =",shs;print "sorbs
> >> =",sbs;print "dsbl =",dbl;}'  maillog
> >> spamhaus = 12
> >> sorbs = 0
> >> dsbl = 0
> >>
> >> It's always fun to read other's resolve.  I'm used to just whipping
> >> scrips
> >> up so fast on the fly, that I usually don't have time to find better
> >> ways,
> >> but here is another that comes to my mind:
> >>
> >> # VAR=`awk '/reject/ && /Mar  [6-9]/' maillog`;echo $VAR | sed 's/\
> >> /\n/g'
> >> | grep zen.spamhaus.org | wc -l;echo $VAR | sed 's/\ /\n/g' | grep
> >> list.dsbl.org |wc -l;echo $VAR | sed 's/\ /\n/g' | grep dnsbl.sorbs.net
> >> |
> >> wc -l
> >> 13
> >> 0
> >> 0
> >>
> >> But your's is definitely more clean and less convoluted than mine.  I
> >> need
> >> to soak it all in for a bit.  ;->
> >
> > Then how about
> >   VAR=$(grep -c 'reject.*Mar  [4-5]' maillog | sed 's/\ /\n/g');
> >   echo $VAR | grep --count zen.spamhaus.org;
> >   echo $VAR | grep --count dnsbl.sorbs.net;
> >
> > "man grep"
> >    -c, --count
> >      Suppress normal output; instead print a count of matching lines
> >      for each input file.
> >
> >
> > And yes I do type lines like this in on the fly at times.
> 
> OK, rub it in.  I'll be there some day.  Thanks for that one, I like it. 
> I missed that one,  Was doing all kind of man pages last night, lol.  OK,
> now off to my virtual class...

Except that last grep version has an ERROR and would always output only:
 0
 0

Can anyone see why? <GRIN>

-- 
 DonJr