Archive for June, 2011

Handy script to parse Postfix maillogs for failed login IP addresses

June 2, 2011 Leave a comment

You can use the script below to parse your maillog (mail.log on Debian based distros) for failed login attempts and place the results in your hosts.deny file or your IP tables config. The script deletes leading 0 IP addresses and filters out [brackets]. You can change the grep filter phrase to your liking.

grep “failed” /var/log/maillog | grep -Eo “([0-9]{1,3}.){3}[0-9]{1,3}” | sed ‘s/^[0]*//’ | uniq

Categories: sysadmin