LogCheck for Sendmail / Linux?


LD Max
2nd September 2006, 01:51
While I'm trying to sort out my server problems, I'm also battling with spammers trying to use my server for a relay. Unfortunately for them, it's closed so they're just spamming away at a brick wall.

This is, however, generating REAMS of log entries.

I need to start blocking the spammer's IP address (refuse connection), but am having real difficulty with sorting the Log. Every entry is recorded in chronological order, but in fact many processes run for days attempting delivery to bounced non-existent addresses.

I've tried sorting the file in Excel by JOB number, and that at least has grouped processes together. But now it's difficult to find the connection which triggered the process in the first place.

What I really need is a good log analyzer which can track and thread processes. I hear there's something called "Logcheck" for Linux, which e-mails log reports to the admin account each day.

Does anyone know where I can get this, or if there are better / smarter log analysers out there?

Cheers
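The threading asked for in the post above, as an added example that is not part of the original thread: it groups sendmail syslog lines by queue ID and reports which connecting IP opened each job, counting "Relaying denied" rejects per IP. The log lines are constructed samples in the usual sendmail layout, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the usual sendmail syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Sep  1 03:12:45 mail sendmail[4101]: k811CjA1004101: from=<a@spam.example>, size=2048, nrcpts=1, proto=SMTP, daemon=MTA, relay=dsl.spam.example [203.0.113.5]
Sep  1 03:12:47 mail sendmail[4102]: k811CkB2004102: ruleset=check_rcpt, arg1=<x@other.example>, relay=[203.0.113.5], reject=550 5.7.1 <x@other.example>... Relaying denied
Sep  1 03:12:50 mail sendmail[4103]: k811CjA1004101: to=<fwd@elsewhere.example>, delay=00:00:05, mailer=esmtp, relay=mx.elsewhere.example. [198.51.100.99], dsn=4.0.0, stat=Deferred: Connection timed out
Sep  1 03:13:02 mail sendmail[4110]: k811D2C3004110: from=<friend@good.example>, size=900, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.good.example [198.51.100.20]
Sep  1 03:13:03 mail sendmail[4111]: k811D2C3004110: to=<me@mydomain.example>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Sep  1 03:13:09 mail sendmail[4115]: k811D9D4004115: ruleset=check_rcpt, arg1=<y@other.example>, relay=[203.0.113.5], reject=550 5.7.1 <y@other.example>... Relaying denied
Sep  1 03:14:30 mail sendmail[4120]: k811EUE5004120: ruleset=check_rcpt, arg1=<z@other.example>, relay=host.bulk.example [192.0.2.77], reject=550 5.7.1 <z@other.example>... Relaying denied
Sep  2 09:40:11 mail sendmail[5200]: k811CjA1004101: to=<fwd@elsewhere.example>, delay=1+06:27:26, mailer=esmtp, relay=mx.elsewhere.example. [198.51.100.99], dsn=4.0.0, stat=Deferred: Connection timed out
"""

# "sendmail[pid]: QUEUEID: key=value, ..." ; lines without a queue ID are skipped.
LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
# relay=host [ip], relay=[ip] or relay=[IPv6:addr]
RELAY_IP_RE = re.compile(r"relay=[^,]*?\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]")

def thread_by_queue_id(lines):
    """Group entries by queue ID, keeping chronological order inside each job."""
    threads = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            threads[m.group("qid")].append(m.group("rest"))
    return threads

def origin_ip(entries):
    """IP of the client that opened the job: relay= on the from= or ruleset=
    entry. relay= on a to= entry is the next hop, not the sender."""
    for rest in entries:
        if rest.startswith(("from=", "ruleset=")):
            m = RELAY_IP_RE.search(rest)
            if m:
                return m.group("ip")
    return None

def rejects_per_ip(lines):
    """Count jobs that ended in a reject= entry, keyed by connecting IP."""
    counts = Counter()
    for entries in thread_by_queue_id(lines).values():
        ip = origin_ip(entries)
        if ip and any("reject=" in e for e in entries):
            counts[ip] += 1
    return dict(counts)

if __name__ == "__main__":
    for ip, n in sorted(rejects_per_ip(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip}\t{n} rejected job(s)")
```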



Keef
2nd September 2006, 02:04
I turned off that log feature in Linux. It produced vast reams of stuff that I didn't want. It would send it to me when I logged on - "You have mail!" just before the StartX screen kicked in, so if I ignored it for a couple of seconds it disappeared anyway. There is probably a way to pick up that mail at a more helpful time, but I stopped looking before I found it.

Can you turn up the security a notch on your router, so that the spammers don't even register on the PC? If Shields Up! says it's fully stealthed, they should get bored and go away after a while. Mine's like that, and I now have the log turned off.

I turn on the router's log once in a while, just to check, and there's usually either nothing or just a couple of "pings".

LD Max
2nd September 2006, 02:49
"Can you turn up the security a notch on your router, so that the spammers don't even register on the PC? If Shields Up! says it's fully stealthed, they should get bored and go away after a while."

Thanks for the suggestions, but it defeats the point of having a mailserver if you hide it behind the firewall :rolleyes:

I don't want to stop anyone (or other mailservers) connecting to it. I need to receive the (genuine) mail they want to send me! But I do want to block those IPs who are trying to spam the server, and for that I need to be able to analyze the logs a bit better than I can at the moment.

(I'll be pointing it to the spamcop blacklist soon too - when I figure out how!!!)

Mac the Knife
2nd September 2006, 23:25
http://www.freeos.com/articles/3540/

"You can download Logcheck from http://www.psionic.com and go for the download URL. Get the latest sources. At the time of writing the article, Logcheck was in version 1.1.1. A point to be noted out here; while you can download Logcheck as a non root user, you would have to login as root while installing as Logcheck prefers to install its scripts, binaries and other configuration files to directories owned by root.

Step 1

Untarring the sources is the first step towards [blah, blah blah]

Good luck!

:ok:

Ooops! That psionic url leads to Cisco. But Logcheck is still available on Sourceforge at http://sourceforge.net/projects/logcheck

LD Max
3rd September 2006, 01:55
Good Man! :D

Thanks very much. :ok: