[linux] OT? Rejects per country stats

Hugo van der Kooij hvdkooij at vanderkooij.org
Sun Dec 3 17:02:19 CET 2006


Hi,
Since I wanted some insight into the spam anyway, I wrote a script 
to catch all the reject lines from my log file. For the 
past week the result looks like this:

N/A:                                            193
United Arab Emirates:                             1
Argentina:                                       17
Austria:                                         12
Australia:                                      206
Azerbaijan:                                       2
Bangladesh:                                       1
Belgium:                                          2
Bahrain:                                          4
Brazil:                                          73
Canada:                                          45
Switzerland:                                      3
Chile:                                            6
China:                                           96
Colombia:                                        22
Czech Republic:                                   5
Germany:                                         88
Denmark:                                          3
Dominican Republic:                               2
Algeria:                                          2
Egypt:                                            1
Spain:                                          152
Europe:                                         302
Finland:                                          2
France:                                          35
United Kingdom:                                  30
Greece:                                          55
Guatemala:                                        1
Hong Kong:                                       58
Hungary:                                          3
Indonesia:                                        7
Ireland:                                          4
Israel:                                           4
India:                                            9
Iran, Islamic Republic of:                       12
Italy:                                           76
Japan:                                           20
Kenya:                                            5
Cambodia:                                         1
Korea, Republic of:                              90
Kuwait:                                           4
Kazakhstan:                                       1
Luxembourg:                                       1
Latvia:                                          28
Libyan Arab Jamahiriya:                           1
Moldova, Republic of:                             1
Macedonia, the Former Yugoslav Republic of:       2
Mongolia:                                         2
Mexico:                                          15
Netherlands:                                     90
Norway:                                          10
Peru:                                             1
Philippines:                                      1
Poland:                                          46
Puerto Rico:                                      1
Portugal:                                         8
Romania:                                          4
Russian Federation:                              60
Saudi Arabia:                                     2
Sweden:                                           2
Singapore:                                        2
Slovenia:                                         3
Slovakia:                                        35
Senegal:                                          1
Thailand:                                         9
Turkey:                                          17
Taiwan, Province of China:                       33
Ukraine:                                          8
United States:                                 4647
Venezuela:                                        3
South Africa:                                    11

I am quite willing to accept that Geo::IPfree is off here and there. But when I 
dig through the logs by hand now and then, I likewise cannot escape the 
impression that the USA is 'king of the SPAM'.

The mailing list will probably park the attachment, so that is where you can 
find the script.

I am still pondering how I can bundle the IP addresses per 
network. I have not been able to come up with anything for that yet. (Suggestions 
via diff -u are welcome, of course.)

Hugo.

PS: The weather forecast is easy to guess ;-)

-- 
 	hvdkooij at vanderkooij.org	http://hvdkooij.xs4all.nl/
 	    This message is using 100% recycled electrons.

-- Attached file included as plaintext by Ecartis --
-- File: postfix-hits
-- Desc: postfix-hits

#!/usr/bin/perl

use File::Basename;
use Getopt::Std;
use Geo::IPfree;

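getopt('f');
# Stop early when no log file was given on the command line.
$logfile = $opt_f
   or die "\nFatal error!\nrequires -f <filename> option to parse <filename>\n\n";
#my $logfile = "/var/log/maillog.1";
my $re_DSN = '(?:\d{3}(?: \d\.\d\.\d)?)';

# Three-argument open: the file name is never interpreted as a mode or pipe.
open(FILE, '<', $logfile) or die "Cannot open $logfile: $!\n";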

sub ToIP {
   @fields = split(/\[/,$_[0]);
   # Second field is "ip]"; a single element is $fields[1], not the slice @fields[1].
   $IP = $fields[1];
   $IP =~ s/\]$//;
   return $IP;
}

while ($ThisLine = <FILE>) {
   chomp($ThisLine);
   if (($Host,$Sender,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <(.*)>: Sender address rejected: (.*);/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,$Reason,$Sender,$Recip) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <[^ ]*\[[^ ]*\]>: Client host rejected: (.*); from=<(.*)> to=<(.*)> proto=/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
      # Capture the whole host[ip] token here too, so that ToIP() can extract the address.
   } elsif ( ($Host,$Sender,$Recip,$Helo) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN Client host rejected: cannot find your hostname, \[\d+\.\d+\.\d+\.\d+\]; from=<(.*?)> to=<(.*?)> proto=\S+ helo=<(.*)>/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <(.*)>: Recipient address rejected: (.*);/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <(.*)>: Sender address rejected: Access denied;/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,$Site,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN Service unavailable; (?:Client host )?\[[^ ]*\] blocked using ([^ ]*), reason: (.*);/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,$Site) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN Service unavailable; (?:Sender address |Client host )?\[[^ ]*\] blocked using ([^ ]*);/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
      my ($country_code,$country_name) = Geo::IPfree::LookUp("$IP") ;
      $Country{$country_code}++;
      $CountryName{$country_code} = $country_name;
   } elsif ( ($Host,$Error) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <.*>: (Helo command rejected: .*);/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
# reject: RCPT from 200-42-113-94.dup.prima.net.ar[200.42.113.94]: 554 <info op dameskartteam.nl>: Relay access denied; from=<ttrquaoaej op rocketmail.com> to=<info op dameskartteam.nl> proto=SMTP helo=<rocketmail.com>
   } elsif ( ($Host,undef) = ($ThisLine =~ /reject: RCPT from ([^ ]*\[[^ ]*\]): $re_DSN <.*>: (Relay access denied; .*)/)) {
      $IP = &ToIP($Host);
      $Rejected{$IP}++;
   } elsif ($ThisLine =~ / reject: /) {
      print "$ThisLine\n";
   }
}

close(FILE);

print "\n\tCountry List:\n\n";
foreach $nation (sort keys %Country) {
   $length = length($CountryName{$nation});
   $size = length($Country{$nation});
   $fill = 50 - $length - $size;
   $spaces = " " x $fill;
   print "$CountryName{$nation}:$spaces$Country{$nation}\n";   
}

#print "\n\tIP List:\n\n";
#foreach $IP (sort keys %Rejected) {
#   $length = length($IP);
#   $size = length($Rejected{$IP});
#   $fill = 32 - $length - $size;
#   $spaces = " " x $fill;
#   my ($country,$country_name) = Geo::IPfree::LookUp("$IP") ;
#   print "$IP:$spaces$Rejected{$IP}\t$country\t$country_name\n";
#}
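
One way to approach the open question in the post, bundling the rejected IP addresses per network, as an added example that is not part of the original post or its attached script. It assumes a fixed prefix length (a /24 here) is an acceptable stand-in for "network" and handles IPv4 only; `network_of`, `count_by_network` and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in the Postfix reject format the script above parses.
my @sample = (
   'Dec  3 10:00:01 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 554 <a@example.org>: Relay access denied; from=<x@example.com> to=<a@example.org> proto=SMTP helo=<x>',
   'Dec  3 10:00:09 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from host7.example.net[192.0.2.200]: 554 <b@example.org>: Relay access denied; from=<y@example.com> to=<b@example.org> proto=SMTP helo=<y>',
   'Dec  3 10:02:44 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 <z@example.com>: Sender address rejected: Domain not found; from=<z@example.com> to=<a@example.org> proto=ESMTP helo=<z>',
   'Dec  3 10:03:00 mx postfix/smtpd[104]: connect from unknown[203.0.113.9]',
);

# Mask a dotted-quad IPv4 address down to its network at the given prefix length.
sub network_of {
   my ($ip, $bits) = @_;
   my @octets = split /\./, $ip;
   return unless @octets == 4 && !grep { !/^\d+$/ || $_ > 255 } @octets;
   my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
   my $net  = unpack('N', pack('C4', @octets)) & $mask;
   return join('.', unpack('C4', pack('N', $net))) . "/$bits";
}

# Count reject lines per network; lines without "reject: RCPT from host[ip]:" are skipped.
sub count_by_network {
   my ($bits, @lines) = @_;
   my %hits;
   for my $line (@lines) {
      next unless $line =~ /reject: RCPT from [^ ]*\[(\d+\.\d+\.\d+\.\d+)\]:/;
      my $net = network_of($1, $bits) or next;
      $hits{$net}++;
   }
   return %hits;
}

# Read log files named on the command line, or fall back to the constructed sample.
my @lines = @ARGV ? <> : @sample;
my %hits  = count_by_network(24, @lines);

# Busiest networks first, ties broken by network string.
for my $net (sort { $hits{$b} <=> $hits{$a} || $a cmp $b } keys %hits) {
   printf "%-20s %5d\n", $net, $hits{$net};
}
```

A fixed /24 only approximates real allocation boundaries; grouping by the actual announced prefix or owner needs routing or whois data, which this example does not use.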





