Commands to select emails dropped by AD filter.

Leon_ironport · ‎10-09-2007

Hi,
Yesterday I used this commands to choose some emails to populate the SPAMTRAPS.

I would like to share with ALL.

You need a linux box to use this commands.

I will start from the beginning to new users.

#----------------Commands start here

mkdir ironport

cd ironport

#Transfering logs from ironport

ftp ip_ironport

hash

bin

prompt

cd mail_logs

mget *

bye

#Filtering log files

cd ..

cat ironport/*|grep LDAPACCEPT>email

cat email|awk '{print $12 ; }'|sed 's/</g>//g'|tr '[A-Z]' '[a-z]'|sort|uniq -c|sort -rn>final

#To compact final file

bzip2 -zkv final

#---------------------------------

Then you can transfer final.bz2 file using Winscp.exe

The final file will look like this:

200 ademilson@acme.com

147 jrodrigues@acme.com

139 rosi@acme.com

132 wesleyoliveira@acme.com

105 ricardo@acme.com

95 apisul@acme.com

85 matizonkas@acme.com

74 helio@acme.com

72 joserodrigues@acme.com

68 altogarca@acme.com

67 marco@acme.com

67 cobranca@acme.com

65 viviane@acme.com

65 edivaina@acme.com

65 cadastro@acme.com

64 julismar@acme.com

63 suelmar@acme.com

63 ricardoborges@acme.com

60 esio@acme.com

56 joviania@acme.com

56 fernandom@acme.com

56 carla@acme.com

55 neto@acme.com

Please let me now your comments.

mychrislo_ironport · ‎10-10-2007

I have turned on Anti-spam archiving

Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: FTP Poll
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: FTP Poll
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: FTP Poll <-----

So can also retrieve those marked spam and be sent to spamcop for processing. But I did not use any script to automate it.

So everytime I need to get the asarchive files and use some perl script to split it into a single mail and forward to spamcop.

Thank you for sharing.