#!/bin/bash
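# Rebuild the iptables block list from the Postfix mail log.
#
# Two kinds of log line feed the list:
#   1. "connect/disconnect from unknown[ADDR]" (client with no usable reverse DNS)
#   2. "addr ADDR listed by domain ..."        (postfix/dnsblog DNSBL hit)
# The resulting addresses are written to DNSBL.txt and each one gets a
# "DROP tcp" rule at the top of the INPUT chain.
#
# The log contains text influenced by remote clients, so every extracted
# token is validated as a plain IPv4 address before it reaches iptables.
# Without that check a token such as a CIDR range or a leading "-" would be
# interpreted by iptables as something other than a single host.
readonly MAIL_LOG=/var/log/mail.log
readonly LIST_FILE=DNSBL.txt
readonly TRUSTED_IP=192.168.118.252

# Succeeds only for a bare dotted-quad IPv4 address with every octet 0-255.
is_ipv4() {
  local addr=$1 octet
  local -r pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ $addr =~ $pattern ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet like "08" is not parsed as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Refuse to touch the firewall when the log cannot be read; otherwise the
# flush below would remove every rule and nothing would be re-added.
if [[ ! -r "$MAIL_LOG" ]]; then
  printf 'cannot read %s; firewall left unchanged\n' "$MAIL_LOG" >&2
  exit 1
fi

# Collect candidate addresses from both log patterns.
ip=() # array of validated addresses to block
while IFS= read -r candidate; do
  if is_ipv4 "$candidate"; then
    ip+=("$candidate")
  else
    # IPv6 clients and malformed tokens end up here; iptables handles IPv4 only.
    printf 'skipping non-IPv4 log token: %q\n' "$candidate" >&2
  fi
done < <(
  {
    # [^]]* stops at the first "]" so trailing text on the line is not captured.
    # -x -F excludes the trusted host by exact literal match; the unanchored
    # regex used before also matched any address merely containing that text.
    grep -o 'unknown\[[^]]*\]' "$MAIL_LOG" \
      | sed -e 's/^unknown\[//' -e 's/\]$//' \
      | grep -vxF -- "$TRUSTED_IP"
    # Field 7 is the address in "... addr ADDR listed by domain ...".
    grep 'listed by domain' "$MAIL_LOG" | awk '{print $7}'
  } | sort -u
)

# Persist the validated, de-duplicated list.
if (( ${#ip[@]} > 0 )); then
  printf '%s\n' "${ip[@]}" > "$LIST_FILE"
else
  : > "$LIST_FILE"
fi

printf '%s\n' "${ip[*]}" # print the array values
len=${#ip[@]}            # array length
printf '%s\n' "$len"

# NOTE(review): "-F" with no chain flushes every chain in the filter table,
# including rules this script did not create, and leaves the host without the
# block rules until the loop below finishes. A dedicated chain that is flushed
# and refilled on its own would avoid both effects. Kept as-is to preserve the
# script's existing behaviour.
/sbin/iptables -F

# Insert one DROP rule per validated address.
for i in "${ip[@]}"; do
  /sbin/iptables -t filter -I INPUT -p tcp -s "$i" -j DROP
done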
Jun 28 14:33:21 relaynat postfix/smtpd[46810]: connect from unknown[185.143.73.103]
Jun 28 14:33:22 relaynat postfix/smtpd[46810]: disconnect from unknown[185.143.73.103] ehlo=1 quit=1 commands=2
grep -o 'unknown\[.*\]' /var/log/mail.log |grep -o '\[.*\]' | sed 's/\[//'|sed 's/\]//'|grep -v 192.168.118.252 |sort|uniq > DNSBL.txt
unknown[185.143.73.134]
[185.143.73.103]
185.143.73.134
Jun 28 14:29:20 relaynat postfix/dnsblog[45760]: addr 185.143.73.58 listed by domain zen.spamhaus.org as 127.0.0.4
grep 'listed by domain' /var/log/mail.log |awk '{print $7}' |awk '!x[$0]++' >> tmpList.txt
Jun 28 14:34:05 relaynat postfix/dnsblog[45760]: addr 185.143.72.34 listed by domain zen.spamhaus.org as 127.0.0.4
grep 'listed by domain' /var/log/mail.log |awk '{print $7}'
185.143.72.34
awk '!x[$0]++'
awk -F"" '{ for (i=6; i<=NF; i++) print $i }'
-F 定義 awk 要使用的欄位分隔符;此處應寫成 -F" "(空格),這也是 awk 預設的分隔符。
NF定義欄位/列的總數,因此循環將從第6個欄位開始到最後一個欄位/列。
其中$N檢索第n個欄位的值,因此列印$i將基於循環計數列印當前欄位/列。