#!/bin/bash

# Karsten M. Self
# Copyright (c) 2004
# License:  GNU GPLd, I'll make it official if you bug me.

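# Pin PATH to fixed system directories so every tool named below, including
# the whois clients that awk launches through the shell, resolves from a
# known location rather than from whatever the caller's environment supplies.
export PATH=/usr/local/bin:/usr/bin:/bin

# Stuff to create a monthly (or other regular interval) report on who's
# doing the nasty, by ASN.

# Intermediate data lives in a file created by mktemp instead of a fixed,
# guessable name under /tmp.  In a world-writable directory a fixed name can
# be pre-created (as a file or a symlink) by another local user, which would
# redirect or pre-seed what this script writes and later reads.  The file is
# removed on exit, so nothing is left behind at the old /tmp/spam-by-asn path.
spam_by_asn=$(mktemp /tmp/spam-by-asn.XXXXXX) || exit 1
trap 'rm -f -- "$spam_by_asn"' EXIT

# First:  grab message ID & ASN, remove dupes.
# ...in appropriate logfile directory.
# NOTE(review): the pattern is written in extended-regex syntax (alternation
# inside parentheses); confirm that bzgrep on the target platform hands it to
# grep in extended mode.
bzgrep -h -e '(^Message ID|^ASN \()' spam-reports.* |
    awk '
        # Join each "Message ID" line with the "ASN" line(s) that follow it,
        # so that one report becomes one output line.
        /^Message ID:/ { printf( "\n%s    ", $0 ) }
        /^ASN/         { printf( "%s", $0 ) }
        END            { print( "" ) } ' |
    sort -u |
    sed -e 's/^.*ASN (0):  *//' > "$spam_by_asn"

# Total spams:
# addup is not a standard utility; presumably it sums the first column of its
# input -- verify that it is installed on the PATH set above.
TOTAL_SPAM=$(
    awk '{print $1}' "$spam_by_asn" | sort | uniq -c | sort -nr | addup
    )

# Number of distinct ASNs seen (computed, but not used by the report below).
TOTAL_ASNS=$( awk '{print $1}' "$spam_by_asn" | sort | uniq | wc -l )

# Spam by ASN (top 100):
awk '{print $1}' "$spam_by_asn" | sort | uniq -c | sort -nr | head -100 |
    awk -v totspam="$TOTAL_SPAM" '
    BEGIN {
        printf( "Total spams: %s\n\n", totspam )
        # print rather than printf: the heading contains a bare "%", which
        # printf would try to interpret as a conversion specifier.
        print "Rank  Cum %   Pct  Spams  ASN     Description"
        print "----  -----   ---- -----  -----   -------------"
    }
    {
        rank    = NR
        spams   = $1
        asn     = $2
        pct     = (spams/totspam) * 100
        cumspam = cumspam + spams
        cumpct  = (cumspam/totspam) * 100

        asn_descr = ""

        # asn is text taken from the report logs and is spliced into shell
        # command lines below.  Only an all-digit value is ever allowed to
        # reach the shell; every lookup is gated on this flag explicitly.
        asn_is_numeric = ( asn ~ /^[0-9][0-9]*$/ )

        # In the command strings, \047 is a single quote.  It is spelled that
        # way because this awk program is itself inside shell single quotes.
        if ( asn_is_numeric ) {
            command = "jwhois AS" asn " | grep \047^as-name:\047 | head -1"
            command | getline asn_descr
            close( command )    # release the pipe; up to 300 are opened per run
            sub( "^as-name: *", "", asn_descr )
        }
        else { asn_descr = "Query timed out" }

        # Fallback 1: the first lookup produced no letters at all.
        # (The range is spelled A-Za-z; A-z also spans the punctuation that
        # sits between Z and a in ASCII.)
        if ( asn_is_numeric && match( asn_descr, "^[^A-Za-z]*$" ) ) {
            command = "whois AS" asn " | grep OrgName: | head -1"
            command | getline asn_descr
            close( command )
            sub( "^OrgName: *", "", asn_descr )
        }

        # Fallback 2: the name found so far is only a placeholder.
        if ( asn_is_numeric && ( \
                match( asn_descr, "UNSPECIFIED" ) || \
                match( asn_descr, "---------" ) || \
                match( asn_descr, "^AS[0-9][0-9]*" ) \
            ) ) {
            command = "jwhois AS" asn " | grep \047^descr:\047 | grep -v -- \047----\047 | head -1"
            command | getline asn_descr
            close( command )
            sub( "^descr: *", "", asn_descr )
        }

        if ( asn == "4294967295" ) { asn = "unk" }
        if ( asn == ";;" ) { asn = "n/a" }

        # printf( "asn: %s  command: %s  asn_descr: %s\n", asn, command, asn_descr)

        # asn_descr is text returned by remote whois servers and is printed
        # unmodified.  It is passed as an argument, never as the format.
        # Sanitise it (for example, strip control characters) if the report
        # is shown anywhere that interprets escape sequences or markup.
        printf( "%4s  %4.1f%%  %4.1f%%  %4d  %-6s  %s\n", rank, cumpct, pct, spams, asn, asn_descr )
    }
    '

exit

# Unreachable because of the exit above; kept from the original as an
# optional full listing.
# Spam by ASN:
sort -k1 "$spam_by_asn"  | uniq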

