From: jd1008
Date: Fri, 12 Jun 2015 19:16:52 -0600
To: freebsd-questions@freebsd.org
Subject: Re: Script question
Message-ID: <557B8484.9060405@gmail.com>

On 06/12/2015 06:29 PM, Lt. Commander wrote:
> -----Original Message-----
> From: olivier2553@gmail.com [mailto:olivier2553@gmail.com] On Behalf Of Olivier Nicole
> Sent: Friday, June 12, 2015 7:19 PM
> To: Lt. Commander
> Cc: freebsd-questions@freebsd.org
> Subject: Re: Script question
>
> Jason,
>
>> I would like to be able to scan the daily maillog with a script at midnight to extract a list by selecting spam recognized and contained using the constant "score=(greater than x) and from that a list of just the IPs which will be placed in a spam file as part of a spam system here. Am tired of some getting past spamass even though it exceeds a reasonable tag level.
>>
>> I do know how to extract just the IP from a line in the log, but not sure what the syntax should be to first ID the "score=
> What would be the typical lines from the log?
>
> I'd use Perl rather than sh.
>
> Olivier
>
>
>> I hope this has been presented clearly enough to gather some help on this task.
>>
>> Thanks,
>> Jason
> Olivier:
>
> This is a typical line in the log. You see it has the info needed:
>
> -----------------------------------------------------------------------------------------------
> un 12 08:56:42 myhost.com milter-spamc[58732]: 01937 t5CDueuM006830: spam=YES score=110.90 required=6.00 client_addr=117.62.50.137 client_name=[117.62.50.137] subject='Re: I won't tell this secrect to anyone else...' mail= rcpts=
> -----------------------------------------------------------------------------------------------
>
> Thanks,
> Jason
>

Hi Jason,

Does the log consist of one-liners as you show above?
In other words, is each one-line entry for one message?
Is there more than 1 line per message in the log?
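
As an added example (not part of any message in this thread): a POSIX sh/awk function that does the selection Jason describes, printing each client_addr once for lines with spam=YES and a score at or above a threshold. It assumes one log line per message with the field layout of the quoted sample line; the function names and the constructed sample log are hypothetical. The subject text is cut off before parsing because the sender chooses it.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one milter-spamc log line per
# message, laid out like the sample line quoted in the thread.

# spam_ips THRESHOLD [LOGFILE...]: print each client_addr once, for lines with
# spam=YES and score >= THRESHOLD. Reads stdin when no file is given.
spam_ips() {
    threshold=$1; shift
    awk -v min="$threshold" '
    / milter-spamc\[[0-9]+\]: / {
        # The subject is chosen by the sender: drop it and everything after
        # it, so text inside it cannot pose as score= or client_addr=.
        line = $0
        sub(/ subject=.*/, "", line)
        n = split(line, f, " ")
        spam = ""; score = ""; addr = ""
        for (i = 1; i <= n; i++) {
            if (spam == ""  && f[i] ~ /^spam=/)        spam  = substr(f[i], 6)
            if (score == "" && f[i] ~ /^score=/)       score = substr(f[i], 7)
            if (addr == ""  && f[i] ~ /^client_addr=/) addr  = substr(f[i], 13)
        }
        if (spam != "YES") next
        if (score !~ /^-?[0-9]+(\.[0-9]+)?$/) next            # malformed score
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv4 only
        if (score + 0 >= min + 0 && !(addr in seen)) {
            seen[addr] = 1
            print addr
        }
    }' "$@"
}

# Constructed sample log (documentation addresses, not real data).
sample_log() {
    cat <<'EOF'
Jun 12 08:56:42 mx milter-spamc[58732]: 01937 t5CDueuM006830: spam=YES score=110.90 required=6.00 client_addr=192.0.2.10 client_name=[192.0.2.10] subject='Re: I won't tell' mail=<a@example.net> rcpts=<b@example.org>
Jun 12 09:01:10 mx milter-spamc[58733]: 01938 t5CDueuM006831: spam=YES score=7.20 required=6.00 client_addr=198.51.100.7 client_name=[198.51.100.7] subject='offer' mail=<c@example.net> rcpts=<b@example.org>
Jun 12 09:05:31 mx milter-spamc[58734]: 01939 t5CDueuM006832: spam=NO score=1.10 required=6.00 client_addr=203.0.113.5 client_name=[203.0.113.5] subject='spam=YES score=99.0 client_addr=203.0.113.99' mail=<d@example.net> rcpts=<b@example.org>
Jun 12 09:07:02 mx milter-spamc[58735]: 01940 t5CDueuM006833: spam=YES score=25.00 required=6.00 client_addr=192.0.2.10 client_name=[192.0.2.10] subject='again' mail=<a@example.net> rcpts=<b@example.org>
Jun 12 09:09:45 mx milter-spamc[58736]: 01941 t5CDueuM006834: spam=YES score=15.50 required=6.00 client_addr=203.0.113.20 client_name=[203.0.113.20] subject='hi' mail=<e@example.net> rcpts=<b@example.org>
Jun 12 09:10:00 mx sendmail[58740]: t5CDueuM006835: from=<f@example.net>, size=1234, relay=[198.51.100.9]
EOF
}

sample_log | spam_ips 10
```

For the midnight run described in the thread, the function can be given the rotated log file as its second argument, with the output redirected to the spam file.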