
Spamming Issues

  • knowledgediary4min
  • Mar 3, 2020

Check whether the server is sending spam and, if so, from which mail account:

===

https://linuxtechme.wordpress.com/2012/04/23/spamming-in-exim/

===

# Script to know the mail count by various accounts

script :-

grep "cwd=" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

# To show the number of mails sent by each one.

---

email account :-

exim -bpr | grep "<" | awk '{print $4}' | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n

---

grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
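The per-directory count that the cwd one-liners above produce, as an added example that is not part of the original post: it reads exim_mainlog lines on stdin, skips Exim's own /var/spool entries, attributes each directory under /home to its account, and lists the directories at or above a threshold. The function names, the threshold and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The log lines are constructed.
# Exim writes cwd= lines only when log_selector includes +arguments.
TAB=$(printf '\t')

sample_log() {
cat <<'EOF'
2020-03-03 10:15:01 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2020-03-03 10:15:01 1j9Abc-0001Xy-2F <= alice@host.example.com U=alice P=local S=1834
2020-03-03 10:15:02 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1j9Abc-0001Xy-2F
2020-03-03 10:15:04 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2020-03-03 10:15:06 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2020-03-03 10:15:09 cwd=/home/alice/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2020-03-03 10:20:00 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2020-03-03 10:30:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2020-03-03 10:45:00 cwd=/ 2 args: /usr/sbin/exim -bpc
EOF
}

# cwd_counts: mainlog on stdin -> "count<TAB>account<TAB>directory",
# highest count first. Lines without cwd= and Exim's own spool are skipped.
cwd_counts() {
  awk '
    {
      dir = ""
      for (i = 1; i <= NF; i++)
        if (index($i, "cwd=") == 1) { dir = substr($i, 5); break }
      if (dir == "" || dir ~ /^\/var\/spool/) next
      n = split(dir, part, "/")
      # /home/<account>/... maps to an account; anything else is shown as "-"
      acct = (n >= 3 && part[2] == "home") ? part[3] : "-"
      count[acct "\t" dir]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
  ' | sort -t "$TAB" -k1,1nr -k3,3
}

# flag_dirs MIN: keep only rows from cwd_counts with at least MIN submissions.
flag_dirs() {
  awk -F '\t' -v min="$1" '$1 + 0 >= min + 0'
}

# On a live server: cwd_counts < /var/log/exim_mainlog | flag_dirs 100
sample_log | cwd_counts | flag_dirs 3
```

A directory such as wp-content/uploads near the top of this list is where to start looking for the script that is calling sendmail.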

bash <(curl -s -L files.wiredtree.com/misc/spamchex)

#clear mail queues

>>Bounce mails

bash <(curl -s -L files.wiredtree.com/misc/spamchex)

>>clear mails from queue

exim -bp | grep domain.com | awk '{print $3}' | xargs exim -Mrm

>>Frozen mails

exim -bp|grep frozen|awk '{print $3}' |xargs exim -Mrm

>>command to delete those frozen mails

exiqgrep -z -i | xargs exim -Mrm

>>command to delete all mails

exim -bp | exiqgrep -i | xargs exim -Mrm

>>Remove mails only from particular receiver:

exiqgrep -r receivermailid -i | xargs exim -Mrm

>>Remove mails only from particular sender:

exiqgrep -f sendermailid -i | xargs exim -Mrm

MEASURES TAKEN

-- Updating “Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting” from “Off” to “On”.
-- Updating “Apache SpamAssassin™: Forced Global ON” from “Off” to “On”.
-- Updating “Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting” from “Off” to “On”.
-- Updating “Scan outgoing messages for malware” from “Off” to “On”.
-- Updating “Reject SPF failures” from “Off” to “On”.
-- Updating “Sender Verification” from “Off” to “On”.

---

additional commands

> for i in $(find . -ctime -100 -type f -iname "*.php" ); do if [[ -n `head -n2 $i | grep -le "eval" -le "strlen" -le "strto" -le "auth_pass" -le "GLOBALS" -le "_dl"` ]] ; then echo $i; fi ; done

> for i in $(find . -ctime -100 -type f -iname "*.php" ); do if [[ -n `head -n2 $i | grep -le "eval" -le "strlen" -le "strto" -le "auth_pass" -le "GLOBALS" -le "_dl"` ]] ; then echo -e "$i \t\t- Suspicious File Found\n`stat $i`\n"; fi ; done

> grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

> fgrep -e wp-login -e xmlrpc -e administrator -e admin /usr/local/apache/domlogs/*/* | grep -v ftp | grep -v 404 | awk '{print $1 " " $7}' | sort | uniq -c | sort -rn | head -n 10

 
 
 
