[Novalug] More on spam-fighting

Fri Mar 7 11:59:25 EST 2008

On Fri, March 7, 2008 11:12 am, DonJr wrote:
> On Fri, 2008-03-07 at 09:58 -0500, unix at bikesn4x4s.com wrote:
>> On Fri, March 7, 2008 4:02 am, DonJr wrote:
>> > On Fri, 2008-03-07 at 01:40 -0500, unix at bikesn4x4s.com wrote:
>> >> On Wed, March 5, 2008 11:33 pm, DonJr wrote:
>> >> > On Wed, 2008-03-05 at 22:02 -0500, Paul wrote:
>> >> >> On Mon, March 3, 2008 1:30 pm, David A. Cafaro wrote:
>> >> >> > You make the change in your main.cf file (for postfix):
>> >> >> >
>> >  <SNIP see archives>
>> >
>> >> >> Cause right now, the "sbl-xbl.spamhaus.org" was't doing to great:
>> >> >> # awk '/reject/ && /spamhaus/ && /Mar  [4-5]/' maillog | wc -l;awk
>> >> >> '/reject/ && /sorbs/ && /Mar  [4-5]/' maillog | wc -l
>> >> >> 4
>> >> >> 9
>> >> >
>> >> > Why don't you get your count by:
>> >> >  # awk '/reject/ && /Mar  [4-5]/{shs+=($0 ~ /spamhaus/); sbs+=($0 ~
>> >> > /sorbs/);}END{print "spamhaus =",shs;print "sorbs =",sbs;}'
>> maillog
>> >> >
>> >> > Which only reads through the 'maillog' file one time.
>> >>
>> >> I'm still soaking that one in, nice.  I'm testing 3 lists now, and so
>> >> far,
>> >> spamhaus is kick'n ars.  Looks like I be dropping sorbs very soon.
>> >>
>> >> I add to yours:
>> >> # awk '/reject/ && /Mar  [6-9]/{shs+=($0 ~ /spamhaus/);dbl+=($0
>> >> ~/dbl/);sbs+=($0 ~/sorbs/);}END{print "spamhaus =",shs;print "sorbs
>> >> =",sbs;print "dsbl =",dbl;}'  maillog
>> >> spamhaus = 12
>> >> sorbs = 0
>> >> dsbl = 0
>> >>
>> >> It's always fun to read other's resolve.  I'm used to just whipping
>> >> scrips
>> >> up so fast on the fly, that I usually don't have time to find better
>> >> ways,
>> >> but here is another that comes to my mind:
>> >>
>> >> # VAR=`awk '/reject/ && /Mar  [6-9]/' maillog`;echo $VAR | sed 's/\
>> >> /\n/g'
>> >> | grep zen.spamhaus.org | wc -l;echo $VAR | sed 's/\ /\n/g' | grep
>> >> list.dsbl.org |wc -l;echo $VAR | sed 's/\ /\n/g' | grep
>> dnsbl.sorbs.net
>> >> |
>> >> wc -l
>> >> 13
>> >> 0
>> >> 0
>> >>
>> >> But your's is definitely more clean and less convoluted than mine.  I
>> >> need
>> >> to soak it all in for a bit.  ;->
>> >
>> > Then how about
>> >   VAR=$(grep -c 'reject.*Mar  [4-5]' maillog | sed 's/\ /\n/g');
>> >   echo $VAR | grep --count zen.spamhaus.org;
>> >   echo $VAR | grep --count dnsbl.sorbs.net;
>> >
>> > "man grep"
>> >    -c, --count
>> >      Suppress normal output; instead print a count of matching lines
>> >      for each input file.
>> >
>> >
>> > And yes I do type lines like this in on the fly at times.
>>
>> OK, rub it in.  I'll be there some day.  Thanks for that one, I like it.
>> I missed that one,  Was doing all kind of man pages last night, lol.
>> OK,
>> now off to my virtual class...
>
> Except that last grep version has an ERROR and would always output only:
>  0
>  0
>
> Can anyone see why? <GRIN>

The asterisk within the tics?  Haven't tried it yet.