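#!/bin/bash
# Zabbix check: report sender/auth pairs with more than THRESHOLD "ALLOWED"
# mail log entries in the previous and the current clock hour. A high count
# can indicate a compromised mailbox being used to send spam.
#
# Output / exit status:
#   "WARNING: ..." and exit 1 when at least one pair is over the threshold,
#   "OK: ..." and exit 0 otherwise.
#
# NOTE(review): grep -s hides missing or unreadable log files, so this check
# also prints OK when neither log can be read. Confirm the monitoring side
# covers that case (e.g. a separate item on log readability).

readonly THRESHOLD=50
readonly -a MAILLOGS=(/var/log/maillog /usr/local/psa/var/log/maillog)

# Build the two hour prefixes from one clock reading so they stay consistent.
# Assumes the traditional syslog timestamp, which pads the day of month with a
# space ("Jan  5"), hence %e rather than %d: with %d nothing matched on days
# 1-9. LC_ALL=C keeps the month abbreviation in English regardless of the
# locale this script runs under.
now=$(date +%s)
this_hour=$(LC_ALL=C date -d "@${now}" +'%b %e %H')
prev_hour=$(LC_ALL=C date -d "@$((now - 3600))" +'%b %e %H')

# Pipeline: select ALLOWED lines for both hours, drop unauthenticated entries,
# reduce each line to "from / authed as", count case-insensitively, keep counts
# above the threshold and join them on one line.
#  - sort -f keeps lines that differ only in case adjacent for uniq -i.
#  - awk does the final join instead of xargs: the addresses come from the log
#    and xargs parses quotes and backslashes, so a quote character in a logged
#    address could make it abort and leave the result empty (reported as OK).
SPAMTEST=$(
  grep -h -s -e "^${prev_hour}.*ALLOWED" -e "^${this_hour}.*ALLOWED" "${MAILLOGS[@]}" \
    | grep -v 'auth: (unknown)' \
    | sed 's/^.*from: \(\S*\).*auth: \(\S*\).*$/mails sent from \1 (authed as \2)/g' \
    | sort -f \
    | uniq -ic \
    | awk -v limit="$THRESHOLD" '$1 > limit { $1 = $1; printf "%s%s", sep, $0; sep = " " }'
)

if [[ -n "$SPAMTEST" ]]; then
  # printf '%s' keeps log-derived text out of the format string.
  printf '%s\n' "WARNING: Possible compromised mail accounts sending high volumes recently: $SPAMTEST"
  exit 1
else
  printf '%s\n' "OK: No compromised accounts found in the mail log"
  exit 0
fi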