File: outboundspam.sh
#!/bin/bash
# outbound-spam-report.sh
# Written by Ryan C <ryan@imhadmin.net> / x 769
#
# This script examines /var/log/exim_mainlog to find outbound messages
# rejected by cpaneleximscanner (SpamAssassin) and sends an STR when it
# finds an address with a number of rejected messages greater than the
# threshold.
#
# ARGV1 to this script can be an integer in order to adjust
# the threshold
# Report settings: the mailbox that receives STRs, the short host name of
# this server, and the subject line built from that host name.
CONTACT_EMAIL='str@imhadmin.net'
HOSTNAME="$(hostname -s)"
EMAIL_SUBJECT="[AUTO STR] Outbound SPAM on $HOSTNAME"
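# Parse args
# Every argument is still matched by substring, so existing invocations keep
# working. "$@" is quoted so an argument is never re-split or glob-expanded.
for i in "$@"; do
  # Use the offset file?
  if [[ $i == *offset* ]]; then
    OFFSET_FILE="/opt/sharedrads/ops/outbound-spam-offset"
    OFFSET=0
    # Accept the stored offset only when the first line of the file is a plain
    # decimal number. The value is later used in a numeric comparison and
    # passed to awk, so any other content is ignored rather than evaluated.
    stored_offset=
    if [[ -r $OFFSET_FILE ]]; then
      IFS= read -r stored_offset <"$OFFSET_FILE"
    fi
    if [[ $stored_offset =~ ^[0-9]{1,18}$ ]]; then
      # 10# keeps a value with leading zeros from being read as octal
      OFFSET=$((10#$stored_offset))
    fi
  fi

  # Was a threshold specified? We're just looking for some number
  # passed as an argument
  if [[ $i =~ ^[0-9]+$ ]]; then
    SPAM_THRESHOLD=$i
  fi

  # Send an STR?
  if [[ $i == *send-str* ]]; then
    SEND_STR=1
  fi

  # help? ("--help" also contains "-h", so one pattern covers both)
  if [[ $i == *-h* ]]; then
    cat <<EOF
${0} [-h|--help] [--offset] [--send-str] [SPAM_THRESHOLD]

  -h|--help       Print help and exit.
  --offset        Use offset file. Primarily intended to be used when run from
                  cron.
  --send-str      Send STR to ${CONTACT_EMAIL} for addresses which exceed the
                  threshold.
  SPAM_THRESHOLD  Default: 30; An integer representing the minumum number of
                  blocked messages required in order to be included in the
                  report

Examples:
  - Suggested cron invocation:
      ${0} --offset --send-str

  - Specify a specific threshold and print to STDOUT
      ${0} 10

EOF
    exit
  fi
done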
# Defaults: fill in any setting that argument parsing left unset or empty
: "${OFFSET:=0}"
: "${SPAM_THRESHOLD:=30}"
: "${SEND_STR:=0}"
# When the log now has fewer lines than the saved offset, scan it again from
# the first line.
read -r LOG_LINES _ < <(wc -l /var/log/exim_mainlog)
if [[ $LOG_LINES -lt $OFFSET ]]; then
  OFFSET=0
fi
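# Use mawk if it's available
# "command -v" only looks the program up. The previous "command mawk" ran mawk
# with no program text, which exits non-zero, so awk was always selected.
if command -v mawk >/dev/null 2>&1; then
  AWK=mawk
else
  AWK=awk
fi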
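# Scan /var/log/exim_mainlog past OFFSET and collect one "count address" line
# for every sender whose number of scanner-rejected messages exceeds
# SPAM_THRESHOLD. When OFFSET_FILE is set, the number of lines read is written
# to it. Sender addresses come straight from the mail log and should be
# treated as untrusted text by whatever consumes RESULTS.
RESULTS=$("$AWK" -v "OFFSET=$OFFSET" \
  -v "OFFSET_FILE=$OFFSET_FILE" \
  -v "SPAM_THRESHOLD=$SPAM_THRESHOLD" \
  '
  BEGIN {
    ACL = "/usr/local/cpanel/etc/exim/acls/ACL_OUTGOING_SMTP_CHECKALL_BLOCK/custom_begin_outgoing_smtp_checkall"

    # Read the blocking score from the first matching line of the ACL file.
    # It stays at 0 when the file is missing or has no matching line.
    ACL_MAX_SCORE = 0
    while ((getline < ACL) > 0) {
      SCORE_MATCH = match($0, /[$]spam_score_int[{}]+[0-9]+[}{]+1/)
      if (SCORE_MATCH) {
        # Skip the 17 leading characters of the match and the 3 trailing ones
        ACL_MAX_SCORE = substr($0, SCORE_MATCH + 17, RLENGTH - 20)
        break
      }
    }
    close(ACL)

    # spam_score_int should be divided by 10 to get the actual spam score that
    # will be used to filter mail
    MAX_SCORE = ACL_MAX_SCORE / 10
  }

  NR > OFFSET {
    MSG_ID = $3
    if ($0 ~ /cpaneleximscanner detected OUTGOING.*as spam/) {
      # "+ 0" forces a number. substr() returns a string, and comparing a
      # string with a number is done as text in awk, which misorders scores
      # such as 9.5 and 10.
      SPAM_SCORE = substr($NF, match($NF, /-?[0-9.]+/), RLENGTH) + 0
      if (SPAM_SCORE > MAX_SCORE) {
        SPAM_IDS[MSG_ID] = ""
      }
    }
    if (MSG_ID in SPAM_IDS) {
      # The hyphen is last in the bracket expression so it is a literal
      # character. Written as "@-." it formed a reversed range, which awk
      # implementations reject or treat as empty.
      ADDR_MATCH = match($0, /F=<[a-zA-Z0-9@.-]+>/)
      if (ADDR_MATCH > 0) {
        SPAMMER = substr($0, ADDR_MATCH + 3, RLENGTH - 4)
        SPAM_COUNT[SPAMMER]++
      }
    }
  }

  END {
    for (ACCOUNT in SPAM_COUNT) {
      if (SPAM_COUNT[ACCOUNT] > SPAM_THRESHOLD) {
        printf("%5s %s\n", SPAM_COUNT[ACCOUNT], ACCOUNT)
      }
    }
    print "\n"
    # Remember how far the log was read so the next run can start there
    if (OFFSET_FILE) {
      print NR > OFFSET_FILE
    }
  }' /var/log/exim_mainlog)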
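# Build the report and either mail it or print it.
# RESULTS holds one "count address" line per offender and is empty otherwise.
# The earlier line-count test needed at least two lines, so a single offending
# address ended up as "Nothing to report!".
if [[ -n $RESULTS ]]; then
  REPORT=$(
    # This runs in a subshell, so the setting does not affect the caller
    shopt -s nocasematch

    # NOTE(review): without an offset file the title and the next sentence
    # are emitted with no separator between them, as in the original.
    printf '%s' "Outbound SPAM Report"
    if [[ -n $OFFSET_FILE ]]; then
      printf ' for lines %s-%s of /var/log/exim_mainlog.\n' \
        "$OFFSET" "$(cat -- "$OFFSET_FILE")"
    else
      printf 'Please review mail logs and customer accounts for abuse.\n\n'
    fi

    printf "%9s %5s %s\n" User "#" Address
    # Addresses are copied from the mail log, so they are sender-controlled.
    # They are only compared as literal text below, never used as a pattern
    # or as a command-line option.
    while read -r number address; do
      [[ -n $address ]] || continue

      # Text between the first and second "@" (whole value if there is none)
      domain=${address#*@}
      domain=${domain%%@*}

      # Exact, case-insensitive match on the domain column of
      # /etc/userdomains; a substring or regex match can pick the wrong user.
      user=$(awk -F': *' -v d="$domain" \
        'tolower($1) == tolower(d) { print $2; exit }' /etc/userdomains)

      # Check to see if it was sent by the cPanel user: the domain has to be
      # this host name or begin with it followed by a dot.
      if [[ $domain == "$HOSTNAME" || $domain == "$HOSTNAME".* ]]; then
        user=${address%%@*}
      fi

      if [[ -z $user ]]; then
        # "--" is printed as a placeholder in the User column
        printf "%9s %5s %s\n" -- "$number" "$address"
      else
        printf "%9s %5s %s\n" "$user" "$number" "$address"
      fi
    done <<<"$RESULTS" | sort -nk2
  )

  # Send the report or print it
  if [[ $SEND_STR -eq 1 ]]; then
    printf '%s\n' "$REPORT" | mail -s "${EMAIL_SUBJECT}" "$CONTACT_EMAIL"
  else
    printf '%s\n' "$REPORT"
  fi
else
  echo "Nothing to report!"
fi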