When I examined the zimbra.log file, I noticed that a user sent 75,000 emails. I don't see this user when I use:
cat /var/log/zimbra.log | grep -i "sasl_username" | awk '{print $9}' | sort | uniq -c | sort -n
I see it in the zimbra.log file.
When I searched the zimbra.log file, I noticed that he added 50 people to the "to" section and sent mail. So I have to do some filtering so that the total number of mails sent ("to" + "cc") can be calculated for the user.
Is it possible to do so? Can you help me?
The script you wrote for sasl_username was successful, but does not find the user making the spam.
My script:
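#!/bin/bash
# bash is required: the script uses arrays and here-strings, which /bin/sh may not support.
now=$(date)
value=$(cat exclude.txt)
# Count messages per authenticated sender, highest first.
sed -n 's/.*sasl_username=//p' /var/log/zimbra.log | sort | uniq -c | sort -nr > spamMailList.txt
filePath="spamMailList.txt"
while IFS= read -r line
do
    # Split "count username"; read drops the leading spaces that uniq -c adds.
    IFS=' ' read -r -a array <<< "$line"
    if [ "${array[0]}" -gt 100 ]
    then
        # -F: match the username literally, not as a regular expression.
        if ! grep -qF -- "${array[1]}" <<< "$value"
        then
            if ! grep -q "@" <<< "${array[1]}"
            then
                array[1]="${array[1]}@domain.com"
            fi
            # The username comes from the log, so only pass plain address characters to the shell.
            if [[ "${array[1]}" =~ ^[A-Za-z0-9._+@-]+$ ]]
            then
                su - zimbra -c "zmprov modifyAccount '${array[1]}' zimbraAccountStatus closed"
                # perl pfdel.pl ${array[1]}
                echo "${array[1]}" >> exclude.txt
                echo "# $now - ${array[1]} mail 'Closed' queue 'cleaned' " >> log.txt
            fi
        fi
    fi
done < "$filePath"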
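
An added example, not part of the original post and not Zimbra's own tooling: one way to get the per-user recipient total asked about above, instead of a per-message count. It assumes standard Postfix log lines, where the smtpd line carries sasl_username= and the qmgr line carries nrcpt= under the same queue ID; the names rcpt_per_user and sample_log and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: total recipients per authenticated sender (not the poster's script).
# Joins the smtpd "sasl_username=" line to the qmgr "nrcpt=" line on the queue ID.
rcpt_per_user() {
    awk '
    {   # queue ID = token right after the "postfix/...[pid]:" tag
        qid = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^postfix\/.*\[[0-9]+\]:$/) { qid = $(i + 1); sub(/:$/, "", qid); break }
        if (qid == "") next
    }
    / sasl_username=/ {
        u = $0; sub(/.*sasl_username=/, "", u); sub(/[, ].*/, "", u)
        user[qid] = u; next
    }
    / nrcpt=[0-9]+/ {
        # skip unauthenticated or reinjected mail, and repeats logged when a deferred message is retried
        if (!(qid in user) || (qid in counted)) next
        n = $0; sub(/.*nrcpt=/, "", n); sub(/[^0-9].*/, "", n)
        total[user[qid]] += n; msgs[user[qid]]++; counted[qid] = 1; next
    }
    $NF == "removed" { delete user[qid]; delete counted[qid] }   # queue IDs can be reused
    END { for (u in total) printf "%d %d %s\n", total[u], msgs[u], u }
    ' "$@" | sort -nr
}

# Constructed sample log (not from the post).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 mail postfix/submission/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@domain.com
Jan 10 10:00:01 mail postfix/qmgr[1500]: A1B2C3D4E5: from=<alice@domain.com>, size=2048, nrcpt=50 (queue active)
Jan 10 10:05:01 mail postfix/qmgr[1500]: A1B2C3D4E5: from=<alice@domain.com>, size=2048, nrcpt=50 (queue active)
Jan 10 10:05:03 mail postfix/qmgr[1500]: A1B2C3D4E5: removed
Jan 10 10:06:00 mail postfix/submission/smtpd[2101]: B2C3D4E5F6: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@domain.com
Jan 10 10:06:00 mail postfix/qmgr[1500]: B2C3D4E5F6: from=<alice@domain.com>, size=2048, nrcpt=50 (queue active)
Jan 10 10:07:00 mail postfix/smtpd[2102]: C3D4E5F6A7: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=bob
Jan 10 10:07:00 mail postfix/qmgr[1500]: C3D4E5F6A7: from=<bob@domain.com>, size=900, nrcpt=2 (queue active)
Jan 10 10:07:05 mail postfix/amavisd/smtpd[2200]: D4E5F6A7B8: client=localhost[127.0.0.1]
Jan 10 10:07:05 mail postfix/qmgr[1500]: D4E5F6A7B8: from=<alice@domain.com>, size=2300, nrcpt=50 (queue active)
EOF
}

# Output columns: recipients, messages, user. On a server: rcpt_per_user /var/log/zimbra.log
sample_log | rcpt_per_user
```

The recipient total in the first column can replace the message count that the script above compares with 100.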