Skip to main content

SPAMMING 1

1) pidof exim
2) Below command will show you the no of emails sent by particular domain:
exim -bp | exiqsumm | more
3)
exim -bpr | grep “<*@*>” | awk “{print $4}”|grep -v “<>” | sort | uniq -c | sort -n | less
This will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.
4)
exim -bpr | grep “<*@*>” | awk “{print $4}”|grep -v “<>” |awk -F “@” “{ print $2}” | sort | uniq -c | sort -n | less
That will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number.
5)
Find the script which is sending the mass mails :-
cd /var/spool/exim/input
egrep “X-PHP-Script” * -R
You can see the script there, if not seeing there just read the mail id file with your favorite test editor
exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” |awk -F “@” ‘{ print $2}’ | sort | uniq -c | sort -n
These list the current working directory of exim when processing a message :-
grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}’|sort|uniq -c|grep cwd|sort -n
grep “<= ” /var/log/exim_mainlog|grep -v “<= <>”|awk ‘{print $5,$7}’|cut -d”:” -f1|sort|uniq -c|sort -n
grep -rl xxxx /var/spool/exim/input |xargs rm -f

========================================================================

Locate spam activity by subject with Exim


awk -F"T=\"" '/<=/ {print $2}' /var/log/exim_mainlog | cut -d\" -f1 | sort | uniq -c | sort -n

You should get back something that looks like this:
285 Out of Office
303 [Forum reply] Please moderate
578 New Account
1764 Melt Fat Naturally


Now we can search to see what user has been sending out this possible spam message with the following command:
grep "Melt Fat Naturally" /var/log/exim_mainlog | awk '{print $5}' | sort | uniq -c | sort -n

You should end up with some results like this:
1 test@example.com
1762 user01@example.com

You can now locate all of the IP addresses
grep "<= user01@example.com" /var/log/exim_mainlog | grep "Melt Fat Naturally" | grep -o "\[[0-9.]*\]" | sort -n | uniq -c | sort -n

Now deny the IP using your firewall rules.

========================================================================

Find spam script location with Exim



Run the following command to pull the most used mailing script's location from the Exim mail log:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n


You should get back something like this:
15 /home/userna5/public_html/about-us
25 /home/userna5/public_html
7866 /home/userna5/public_html/data

Comments

Post a Comment

Popular posts from this blog

How to tweak linux server harddisk using hdparm

hdparm switches explained http://manpages.ubuntu.com/manpages/intrepid/man8/hdparm.8.html   First of all you have to install hdparm in linux. apt-get install hdparm #hdparm /dev/sda /dev/sda: readonly = 0 (off) readahead = 120 (on) geometry = 8850/255/63, sectors = 142182912, start = 0 Hard disk Performance Information # hdparm -tT /dev/hda /dev/hdd: Timing cached reads: 496 MB in 2.00 seconds = 247.42 MB/sec Timing buffered disk reads: 60 MB in 3.03 seconds = 19.81 MB/sec Hard drive set to low, slow settings # hdparm -cuda /dev/hda /dev/hda: IO_support = 0 (default 16-bit) unmaskirq = 0 (off) using_dma = 0 (off) readahead = 256 (on) Use below tweaks to increase disk read write performance. For sda drive ~]# hdparm -a 2048 /dev/sda /dev/sda: setting fs readahead to 2048 readahead = 2048 (on) For sdb drive [root@439298a ~]# hdparm -a 2048 /dev/sdb /dev/sdb: setting fs readahead to 2048 readahead = 2048 (on) ]# echo “anticipatory” >...
Post a Comment
Read more

RAID

Check the Raid installed lspci | grep RAID     Software Raid ============== Linux Support For Software RAID Currently, Linux supports the following RAID levels (quoting from the man page): LINEAR RAID0 (striping) RAID1 (mirroring) RAID4 RAID5 RAID6 RAID10 MULTIPATH, and FAULTY. MULTIPATH is not a Software RAID mechanism, but does involve multiple devices: each device is a path to one common physical storage device. FAULTY is also not true RAID, and it only involves one device. It provides a layer over a true device that can be used to inject faults. Install mdadm Type the following command under RHEL / CentOS / Fedora Linux: # yum install mdadm Type the following command under Debian / Ubuntu Linux: # apt-get update && apt-get install mdadm How Do I Create RAID1 Using mdadm? Type the following command to create RAID1 using /dev/sdc1 and /dev/sdd1 (20GB size each). First run fdisk on /dev/sdc and /dev/sdd with " Softwa...
Post a Comment
Read more

SystemD commands

[root@centos7 ~]# systemctl -t target UNIT                   LOAD   ACTIVE SUB    DESCRIPTION basic.target           loaded active active Basic System cryptsetup.target      loaded active active Encrypted Volumes getty.target           loaded active active Login Prompts graphical.target       loaded active active Graphical Interface local-fs-pre.target    loaded active active Local File Systems (Pre) local-fs.target        loaded active active Local File Systems multi-user.target      loaded active active Multi-User System network-online.target  loaded active active Network is Online network.target         loaded active active Network nfs-client.target      loaded active active NFS client services nss-user-lookup.target loaded active active User and Gr...
Post a Comment
Read more