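#!/bin/sh
# Extract the client IPs of hosts that tried to send mail with our own domain as
# the envelope sender (rejected by the MTA with the reject text configured below),
# accumulate them in a result file and publish that file to a webserver so that
# pfBlockerNG can fetch it as an IPv4 blocklist.
#
# Caveats a deployer should know:
#  - Only IPv4 addresses are extracted; IPv6 offenders are silently ignored.
#  - The result file is built from log lines the MTA already rejected. Review it
#    before feeding it to a firewall: a misconfigured but legitimate forwarder
#    that relays mail for your domain would end up blocked as well.
#  - Serve the published file over HTTPS so the list cannot be altered in transit
#    on its way to pfBlockerNG.
#
# POSIX sh only (no bashisms), so it runs under dash/ash as well as bash.
set -u

################################################################
# Global definitions for the script - change to fit your needs #
################################################################
# Debug switch, set to "yes" for verbose info, else the script is silent.
debug="yes"
# Location of the file to be analysed (typically /var/log/mail or /var/log/maillog)
MailLogfile="/var/log/mail"
# Directory to write the result file to (no trailing slash)
ResultFilePath="/root"
# Filename of the result file - this is what pfBlockerNG is configured to fetch later on
ResultFileName="domain-envelope.txt"
# Reject text the MTA logs for spoofed envelope senders. It is matched
# case-insensitively as a fixed string, so it may safely contain any characters.
RejectText="Do not use my domain in your envelope sender"
# Transfer the final file to a webhost. This assumes a non-interactive SSH trust
# (key-based login) from the mail server to the web server.
# NOTE(review): prefer a dedicated unprivileged remote user whose authorized_keys
# entry is restricted to this upload (command=/from=/no-pty options) over root.
TransferResult="yes"
# Remote webserver FQDN for transferring it
RemoteServer="<fqdn-of-webserver-host>"
# Remote directory path on the webserver (no trailing slash!)
RemotePath="/your/remote/path/that/serves/the/resultfile"
# Remote filename (leave empty to keep the source filename)
RemoteFileName=""
# Remote username to use to transfer files
RemoteUser="root"
#########################################################################
# DO NOT CHANGE BELOW UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING        #
#########################################################################
ResultFile="$ResultFilePath/$ResultFileName"

# Print a message on stdout only when debugging is switched on.
log() {
  if [ "$debug" = "yes" ]; then
    printf '%s\n' "$*"
  fi
}

# Make sure the result directory exists and count the entries already present,
# so that at the end we can tell whether this run added anything new.
if [ ! -d "$ResultFilePath" ]; then
  log "Defined resultfile-directory $ResultFilePath was not found, creating it."
  if ! mkdir -p -- "$ResultFilePath"; then
    printf 'Cannot create %s ... Aborting\n' "$ResultFilePath" >&2
    exit 1
  fi
  PreAddCount=0
else
  log "Defined resultfile-directory $ResultFilePath was found...Proceeding"
  if [ -f "$ResultFile" ]; then
    PreAddCount=$(wc -l < "$ResultFile")
    log "Lines in original file : $PreAddCount"
  else
    log "No previous resultfile found."
    PreAddCount=0
  fi
fi

# Without a log file there is nothing to do; exit non-zero so cron/monitoring notices.
if [ ! -f "$MailLogfile" ]; then
  printf 'Defined sourcefile %s was not found ... Aborting\n' "$MailLogfile" >&2
  exit 1
fi
log "Analysing input file $MailLogfile ..."

# Pull the rejected client's "host[ip]" token out of every matching log line and
# reduce it to a unique, sorted list of IPv4 addresses.
# Assumes that token is the 8th whitespace-separated field of the log line; this
# depends on the syslog timestamp format - TODO confirm against your maillog.
# Because the match is a fixed string and the output is filtered through the IPv4
# regex, nothing an attacker can place in the envelope sender reaches the result
# file: only dotted quads are written.
ipResults=$(grep -i -F -- "$RejectText" "$MailLogfile" \
  | awk '{print $8}' \
  | grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | sort -u)

if [ -z "$ipResults" ]; then
  log "No offending IP-Addresses found......Exiting"
  exit 0
fi

ResultLineCount=$(printf '%s\n' "$ipResults" | wc -l)
log "$ResultLineCount Offending addresses found:"
log "$ipResults"

# Append this run's addresses, then rewrite the file as a unique, sorted list.
# The append happens unconditionally (not only in debug mode) - otherwise a
# silent cron run would never record anything.
log "writing IPs to $ResultFile :"
printf '%s\n' "$ipResults" >> "$ResultFile"
UniqueIPs=$(sort -u < "$ResultFile")
printf '%s\n' "$UniqueIPs" > "$ResultFile"
PostAddCount=$(wc -l < "$ResultFile")
Added=$((PostAddCount - PreAddCount))
log "$Added Unique IP's were added this run."

# Only push the file to the webhost when something actually changed.
if [ "$Added" -eq 0 ]; then
  log "No changes were found from previous run, not sending resultfile to remote."
  exit 0
fi

if [ "$TransferResult" = "yes" ]; then
  # An empty RemoteFileName leaves the target ending in "/", so scp keeps the
  # local filename; a non-empty one renames the file on the remote side.
  Target="$RemoteUser@$RemoteServer:$RemotePath/$RemoteFileName"
  log "Sending resultfile $ResultFile to remote as $Target"
  # A failed upload is reported and turned into a non-zero exit status so that
  # a scheduler can notice a stale blocklist on the webserver.
  if ! scp "$ResultFile" "$Target"; then
    printf 'Transfer of %s to %s failed\n' "$ResultFile" "$Target" >&2
    exit 1
  fi
fi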