#!/bin/bash
# This script creates a few summaries from the mail queue to help you decide if
# the server is sending spam or not.
#
# Description:
# http://staffwiki.cpanel.net/LinuxSupport/EximSpamOneLiners
# for a summary of the code, the main code block is at the bottom
#
# To run (as root - the script calls exim -bp and exim -Mvh):
# curl -sS https://raw.githubusercontent.com/cPanelTechs/TechScripts/master/spam_check.sh -o spam_check.sh
# then read the file over and run it with: bash spam_check.sh
# Do not pass "--insecure" to curl: it disables TLS certificate checking, so a script you are
# about to run as root could be swapped in transit. Run it with bash rather than sh: it relies
# on bash features (read -p, echo -e, declare -a, arrays).
#
#todo: check that there's some mail in the queue vs printing empty
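# Print a debug message to stdout, but only when debugging is switched on.
# Debugging is controlled by the global "debug" variable. The original reset it
# to "off" on every call, so messages could never be shown; keeping an existing
# value (e.g. "debug=on bash spam_check.sh") leaves the default behaviour
# (silent) intact while making the switch usable.
# Arguments: $1.. - message text, printed as-is (no escape interpretation)
function debug() {
  debug="${debug:-off}"
  if [ "$debug" = "on" ]; then
    printf '%s\n' "$*"
  fi
}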
# example:
# debug "variable_name is ${variable_name}"
# Flags set by get_output_decision() when the exim -bp dump already exists
# (reuse it / rename it to .1 first / it was deleted), plus the directory that
# holds the dump; get_temp_file_dir() may overwrite temp_dir.
use_current=0 backup_current=0 remove_current=0
temp_dir='/root'
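# Ask the operator where the "exim -bp" dump (cptemp_eximbp) should be kept and
# set the global temp_dir to it (default /root). Keeps asking until an existing
# directory is given; if a dump is already there, hands over to
# get_output_decision() so the operator can say what to do with it.
# Globals: temp_dir, input_dir (written)
# Security note: the dump is written as root under a fixed file name, so in a
# world-writable directory such as /tmp another local user could plant a symlink
# named cptemp_eximbp and have root overwrite an arbitrary file. Such directories
# are accepted but warned about; /root is the safe default.
function get_temp_file_dir () {
  while :; do
    clear
    # -r: a backslash in the typed path is taken literally
    read -r -p "
Choose a directory to store the temporary file cptemp_eximbp. This will store the output of exim -bp (default /root): " input_dir
    debug "input_dir is ${input_dir}"
    input_dir=${input_dir:-/root}
    debug "input_dir is ${input_dir}"
    # drop one trailing slash (as the original sed did); "/" itself stays "/"
    temp_dir=${input_dir%/}
    [ -n "$temp_dir" ] || temp_dir=/
    debug "temp_dir is ${temp_dir}"
    # -d rather than -e: a regular file would pass -e and break the redirect later
    if [ -d "$temp_dir" ]; then
      break
    fi
    echo "There was a problem, or that directory does not exist. Please try again."
  done
  # -perm -0002: other-writable; warn, do not refuse (the operator may know better)
  if [ -n "$(find "$temp_dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
    echo "Warning: $temp_dir is world-writable; a fixed-name file there can be hijacked via a symlink by other local users. Prefer /root." >&2
  fi
  if [ -e "$temp_dir/cptemp_eximbp" ]; then
    get_output_decision
  fi
  echo -e "\nThank you.\nThis file can later be used again to run commands (like 'cat $temp_dir/cptemp_eximbp | exiqsumm').\nThis script will not delete this temp file upon completion."
  debug "temp_dir is ${temp_dir}"
}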
# If the temp output file already exists, user must choose (this will go back to get_temp_file_dir when complete)
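# When $temp_dir/cptemp_eximbp already exists, ask the operator whether to reuse
# it, back it up, or delete it. Sets exactly one of the globals use_current /
# backup_current / remove_current to 1; choice 3 (the default on an empty
# answer) also deletes the file here. Asks again on any other input.
# Globals: temp_dir (read); use_current, backup_current, remove_current,
#          file_choice (written)
function get_output_decision () {
  local target="$temp_dir/cptemp_eximbp"
  while :; do
    echo
    read -r -p "Output file ($target) already exists. Please enter a number 1-3
1) Run diagnosis on the existing output file
2) Move to backup ($target.1), and create a new output file
3) Delete the existing output file, and create a new one (default): " file_choice
    file_choice=${file_choice:-3}
    case "$file_choice" in
      1) use_current=1
         return 0 ;;
      2) backup_current=1
         return 0 ;;
      3) remove_current=1
         # "--" so a directory name starting with "-" is never read as an rm option;
         # the leading backslash bypasses any "rm -i" alias, as in the original
         \rm -v -- "$target"
         return 0 ;;
      *) echo -e "\nPlease enter a valid choice: 1 to 3." ;;
    esac
  done
}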
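# Fill $temp_dir/cptemp_eximbp with the output of "exim -bp", unless the
# operator chose to reuse the existing dump (use_current=1). With
# backup_current=1 the existing dump is first renamed to cptemp_eximbp.1.
# Globals: temp_dir, use_current, backup_current (read)
# Returns: 0, or 1 when "exim -bp" failed - the dump may then be empty or
#          partial, and the later summaries would otherwise report on it as if
#          it were complete.
function run_eximbp () {
  local target="$temp_dir/cptemp_eximbp"
  debug "starting run_eximbp, backup_current is ${backup_current}\n use_current is ${use_current}"
  if [ "$use_current" -ne 0 ]; then
    return 0
  fi
  echo -e "\nNow, beginning to run the command 'exim -bp'. If this takes an excruciatingly long time, you can cancel (control-c) this script.\n You can then run this script again using the same target directory and existing 'exim -bp' output file (using option 1 of this script).\n Often, all that's needed is 30s worth of gathering the oldest messages in the queue."
  if [ "$backup_current" -eq 1 ]; then
    echo; mv -v -- "$target" "$target.1"
  fi
  debug "exim -bp > $target"
  if ! exim -bp > "$target"; then
    echo "exim -bp failed; $target may be empty or incomplete" >&2
    return 1
  fi
  return 0
}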
#todo: put this in a printf statement, report if domain is local/remote at the end:
# Are they local?
# for i in $doms; do echo -n $i": "; grep $i /etc/localdomains; done
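# Print the five destination domains with the most queued messages (as
# summarised by exiqsumm) and record them, one per line, in the global "doms"
# for the per-domain checks that follow.
# exiqsumm's last column is the domain and its first the message count, so
# "sort -n" orders by count and "tail -5" keeps the busiest; the header,
# separator and TOTAL rows are dropped before the names are collected. An
# empty dump (nothing queued) is reported instead of printing blank output.
# Globals: temp_dir (read), doms (written)
function exiqsumm_to_get_top_domains () {
  local summary
  # run exiqsumm once and reuse its output for both the listing and $doms
  summary=$(exiqsumm < "$temp_dir/cptemp_eximbp" | sort -n)
  echo -e "\nDomains stopping up the queue:"
  if [ -z "$summary" ]; then
    doms=
    echo "(the exim -bp dump is empty - nothing to summarise)" >&2
    return 0
  fi
  printf '%s\n' "$summary" | tail -5
  # Get domains from Exim queue
  doms=$(printf '%s\n' "$summary" | grep -E -v -- '---|TOTAL|Domain' | tail -5 | awk '{print $5}')
}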
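# Report which of the domains in $doms are handled locally: listed in
# /etc/localdomains, or contained in this server's hostname. Mail queued for a
# local domain points at a local delivery problem rather than outbound spam.
# /etc/localdomains holds one domain per line, so it is matched as a whole line
# with fixed strings: the original unanchored regex match let "example.com"
# match "notexample.com" and "." match any character. The hostname test stays
# a substring test (mail.example.com contains example.com). A missing
# /etc/localdomains is treated as "not local" instead of printing a grep error.
# Globals: doms (read)
function check_if_local () {
  local onedomain host
  host=$(hostname)
  echo -e "\nDomains from above that are local:"
  for onedomain in $doms; do
    if grep -Fxqs -- "$onedomain" /etc/localdomains || [[ "$host" == *"$onedomain"* ]]; then
      echo "$onedomain"
    fi
  done
}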
# There's an awk script in here that decodes base64 subjects
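# For each domain in $doms, list the ten most common Subject: headers of the
# messages queued for it, with counts, decoding "=?UTF-8?B?...?=" (base64)
# subjects so they are readable.
# How it works: "grep -B1 domain" on the exim -bp dump returns each matching
# recipient line together with the preceding message line, whose third field
# is the message id; "exim -Mvh id" then prints that message's spool header and
# the Subject line is taken from it. The awk filter sees "count len Subject:
# text" lines (exim -Mvh prefixes each header with its length, which is why the
# subject text is $4) and pipes the fourth "?"-separated piece of a
# =?utf-8?B?...?= token through "base64 -d"; anything else is printed as-is.
# Caveats: subjects are attacker-controlled and printed raw, so terminal
# control sequences in them are not filtered; "base64 -i" is GNU's
# --ignore-garbage flag; the id list relies on word-splitting, which is why
# that $(...) is deliberately left unquoted. Domains are matched as fixed
# strings (-F) so a "." in a domain no longer matches any character.
# Globals: doms, temp_dir (read)
function get_subjects_of_top_domains () {
  local onedomain_of_five email_id
  for onedomain_of_five in $doms; do
    echo -e "\n\n Count / Subjects for domain = $onedomain_of_five:"
    # shellcheck disable=SC2046 -- one message id per word is intended
    for email_id in $(grep -B1 -F -- "$onedomain_of_five" "$temp_dir/cptemp_eximbp" | awk '{print $3}'); do
      exim -Mvh "$email_id" | grep Subject
    done | sort | uniq -c | sort -n | tail
  done | awk '{
    split($4,encdata,"?");
    command = (" base64 -d -i;echo");
    if ($0~/(UTF|utf)-8\?(B|b)/) {
      printf " "$1" "$2" "$3" ";
      print encdata[4] | command;
      close(command);
    }
    else {print}
  }
  END {printf "\n"}'
}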
# Domains sending:
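# Show the four sender addresses with the most queued messages and name the
# biggest one. Message lines of the exim -bp dump carry "<sender>" as their
# fourth field; the null sender "<>" (a bounce) is shown as "bounce_email".
# Output quirk kept from the original: the "count address" pairs are flattened
# into one line by word-splitting and then re-split with sed in front of each
# count, so the first entry keeps a leading space. Sender addresses come
# straight from the queue and are printed unfiltered.
# Globals: temp_dir (read), bigsender (written)
function find_addresses_sending_out () {
  # shellcheck disable=SC2207 -- word-splitting the counts and addresses into one array is intended
  declare -a sendingaddys=($(grep -F -- '<' "$temp_dir/cptemp_eximbp" | awk '{print $4}' | sort | uniq -c | sort -n | sed 's/<>/bounce_email/g' | tail -4))
  echo -e "\nAddresses sending out: " "${sendingaddys[@]}" "\n" | sed 's/ \([0-9]*\) /\n\1 /g'
  # the last word of the flattened list is the address with the highest count
  bigsender=$(echo "${sendingaddys[@]}" | awk '{print $NF}')
  echo -e "So the big sender is:\n$bigsender"
}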
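# For each domain in $doms, show the five sender addresses with the most
# messages queued for that domain. "grep -B1" pulls each matching recipient
# line together with the preceding message line; the recipient lines and the
# "--" group separators are then dropped, leaving message lines whose fourth
# field is <sender>.
# Domains are matched as fixed strings (-F): the original interpolated them
# into regular expressions, where "." matched any character. As in the
# original, a message line whose sender itself contains the domain is dropped
# by the second grep as well.
# Globals: doms, temp_dir (read)
function find_addresses_sending_to_top_domains () {
  local onedomain_of_five
  echo
  for onedomain_of_five in $doms; do
    echo "Mails attempting to be sent to domain [$onedomain_of_five], from:"
    grep -B1 -F -- "$onedomain_of_five" "$temp_dir/cptemp_eximbp" \
      | grep -F -v -e '--' -e "$onedomain_of_five" \
      | awk '{print $4}' | sort | uniq -c | sort -n | tail -5
    echo
  done
}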
# Entry point: gather the exim -bp dump, then print each summary in turn.
# Order matters - exiqsumm_to_get_top_domains fills $doms for the steps after it.
main() {
  get_temp_file_dir
  run_eximbp
  exiqsumm_to_get_top_domains
  check_if_local
  get_subjects_of_top_domains
  find_addresses_sending_out
  find_addresses_sending_to_top_domains
}
main "$@"