IMAP SMTP auth & SPAM
These handy bits of one line foo are straight from one of the smartest and strangest admins I have had the pleasure of meeting. He is always crafting these sorts of tools for use.
Tally of who failed SMTP Auth login:
grep "smtp_auth: .* connect from" /var/log/messages | awk '{print $2"/"$1"/2007:"$3"\t"$9"\t"$10}' | sed -e "s/\[//g" -e "s/\]//g"
And their IPs
grep "smtp_auth: SMTP connect from" /var/log/messages | awk '{print $10}' | sed -e "s/\[//g" -e "s/\]//g" | sort -n | uniq -c | sort -nr | head -20
Tally of who succeeded SMTP Auth login:
grep "smtp_auth: smtp_auth: SMTP user " /var/log/messages | grep "logged in from " | awk '{print $2"/"$1"/2007:"$3"\t"$9"\t"$16}' | sed -e "s/\[//g" -e "s/\]//g"
And their IPs
grep "smtp_auth: smtp_auth: SMTP user " /var/log/messages | grep "logged in from " | awk '{print $16}' | sed -e "s/\[//g" -e "s/\]//g" | sort -n | uniq -c | sort -nr | head -20
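An added example, not from the original post or the admin's own tools: it joins the two IP tallies above in one awk pass and lists the addresses that connected repeatedly but never logged in, which is the pattern worth watching for password guessing. The function names, the default threshold of 3 and the sample log lines are assumptions constructed to match the field positions ($10 and $16) used in the one-liners.

```shell
#!/bin/sh
# Added example. Function names, threshold and sample data are hypothetical;
# the patterns and field positions ($10, $16) are those of the one-liners above.

# smtp_auth_suspects LOGFILE [MIN_CONNECTS]
# Prints "count ip" for every IP with at least MIN_CONNECTS smtp_auth connect
# lines and no successful login line, busiest first.
smtp_auth_suspects() {
    awk -v min="${2:-3}" '
        # Strip the [ ] around the address, as the sed step above does.
        function ip(f) { gsub(/\[/, "", f); gsub(/\]/, "", f); return f }

        /smtp_auth: SMTP connect from/ { conn[ip($10)]++ }
        /smtp_auth: smtp_auth: SMTP user / && /logged in from / { ok[ip($16)]++ }

        END {
            for (a in conn)
                if (conn[a] >= min && !(a in ok))
                    print conn[a], a
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges, invented hosts/users).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mail smtp_auth: SMTP connect from unknown [203.0.113.7]
Mar  3 10:15:03 mail smtp_auth: SMTP connect from unknown [203.0.113.7]
Mar  3 10:15:05 mail smtp_auth: SMTP connect from unknown [203.0.113.7]
Mar  3 10:15:09 mail smtp_auth: SMTP connect from unknown [203.0.113.7]
Mar  3 10:16:00 mail smtp_auth: SMTP connect from client.example [192.0.2.10]
Mar  3 10:16:01 mail smtp_auth: smtp_auth: SMTP user alice : /home/alice logged in from client.example [192.0.2.10]
Mar  3 10:17:00 mail smtp_auth: SMTP connect from client.example [192.0.2.10]
Mar  3 10:17:30 mail smtp_auth: SMTP connect from client.example [192.0.2.10]
Mar  3 10:18:00 mail smtp_auth: SMTP connect from unknown [198.51.100.4]
EOF
}

# Demo on the constructed sample; point it at /var/log/messages for real use.
demo_log=$(mktemp)
sample_log > "$demo_log"
smtp_auth_suspects "$demo_log" 3
rm -f "$demo_log"
```

An address that logs in successfully even once is dropped from the list, so a compromised account that is later abused from the same IP will not show up here; check the success tally for that case.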