Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Jun 2015 19:29:56 -0500
From:      "Lt. Commander" <listmgr@antennex.com>
To:        "'Olivier Nicole'" <olivier.nicole@cs.ait.ac.th>
Cc:        <freebsd-questions@freebsd.org>
Subject:   RE: Script question
Message-ID:  <BAY404-EAS263BBC0728E6171BD47A4AECCBA0@phx.gbl>
In-Reply-To: <CA+g+BvjNv0PBOfmnWkzE26Tgqj6qZ-VKbHXMpuB8gak69G_T2g@mail.gmail.com>
References:  <BAY182-W89C2924F4BDF0D2BD3810DF4BB0@phx.gbl> <CA+g+BvjNv0PBOfmnWkzE26Tgqj6qZ-VKbHXMpuB8gak69G_T2g@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
-----Original Message-----
From: olivier2553@gmail.com [mailto:olivier2553@gmail.com] On Behalf Of =
Olivier Nicole
Sent: Friday, June 12, 2015 7:19 PM
To: Lt. Commander
Cc: freebsd-questions@freebsd.org
Subject: Re: Script question

Jason,

> I would like to be able to scan the daily maillog with a script at =
midnight to extract a list by selecting spam recognized and contained =
using the constant "score=3D(greater than x) and from that a list of =
just the IPs which will be placed in a spam file as part of a spam =
system here. Am tired of some getting past spamass even though it =
exceeds a reasonable tag level.
>
> I do know how to extract just the IP from a line in the log, but not =
sure what the syntax should be to first ID the "score=3D<x" in a simple =
sh shell script.

What would be the typical lines from the log?

I;d use Perl rather than sh.

Olivier


>
> I hope this has been presented clear enough to gather some help on =
this task.
>
> Thanks,
> Jason

Oliver:

This is a typical line in the log. You see it has the info needed:

-------------------------------------------------------------------------=
----------------------
un 12 08:56:42 myhost.com milter-spamc[58732]: 01937 t5CDueuM006830: =
spam=3DYES score=3D110.90 required=3D6.00 client_addr=3D117.62.50.137 =
client_name=3D[117.62.50.137] subject=3D'Re: I won't tell this secrect =
to anyone else...' mail=3D<info@cse.gob.ni> rcpts=3D<physics@xxxx.com>
-------------------------------------------------------------------------=
----------------------

Thanks,
Jason



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?BAY404-EAS263BBC0728E6171BD47A4AECCBA0>