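#!/bin/sh
# mail.clean_quarantine.sh
# Local version: 1.0
# Copyright (c) 2008 Peter Kuyarov, All rights reserved
# Tue Aug 26 10:21:22 MDT 2008 - 1.0
# added tracking table of servers with high spam scores
# using that table for firewall blocking with pf
# Tue Feb 12 08:32:54 MST 2008
#
# delete old quarantined [spamass/clamav] emails
# delete quarantined emails over certain spamass score
#
# scripts@pknet.net
# http://peterk.org/scripts/
#
# Security notes for maintainers:
#   * This script deletes files and feeds a pf table, so every path
#     expansion is quoted and guarded with ${var:?}: an empty variable
#     aborts the run instead of widening what find/rm operate on.
#   * Counters and dates are passed to printf as arguments, never as part
#     of the format string.
#   * `date -v` and `find -mtime +Nd` are BSD syntax; the script is not
#     portable to GNU userland as written.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin/:/usr/local/vpopmail/bin/
export PATH

#
# begin user config variables;
#

# max days to keep quarantine files;
maxkeep=5

# delete email over this spamass score
delspamover=18

# put that smtp server into spammers list for pf block
pfspammers="/var/qmail/control/pf.spammers"

#
# end user config variables;
#

# below should not really be changed
qscandir='/var/spool/qscand'
quardir="$qscandir/quarantine"
newspam="$qscandir/quarantine/spam/new"
curspam="$qscandir/quarantine/spam/cur"
logfile="/var/log/mail.clean_quarantine.log"

hour=$(date "+%H")
date=$(date "+%Y.%m.%d.%H%M")
yesterday=$(date -v -1d "+%Y.%m.%d")

maxkeepcount=0
delspamovercount=0
mvspamundercount=0

# wc pads its output with blanks on BSD; strip them so the log column is clean.
totalnewspamcount=$(ls "$newspam" | wc -l | tr -d ' ')

printf '%s\n' "---------------$date---------------" >> "$logfile"
printf '%s\t - %s - total new spam\n' "$totalnewspamcount" "$date" >> "$logfile"

#
# delete old quarantined files over $maxkeep days
#
# Split find's output on newlines only and switch globbing off, so a file
# name containing blanks or wildcard characters is handed to rm as exactly
# one argument.
old_ifs=$IFS
IFS='
'
set -f
for oldspam in $(find "${quardir:?}" -type f -mtime "+${maxkeep}d"); do
  # `--` stops option parsing; count only the files rm really removed.
  rm -- "$oldspam" && maxkeepcount=$((maxkeepcount + 1))
done
set +f
IFS=$old_ifs

printf "%s\t - %s - 'rm'ed over %s days old\n" \
  "$maxkeepcount" "$date" "$maxkeep" >> "$logfile"

# make dated to be commented out so pf doesn't import it...
printf '#%s\n' "$(date)" >> "$pfspammers"

#
# to keep /var from filling up
# delete quarantined spam over $delspamover
# move other files to 'cur' directory for them to age out
# only whatever is over $sa_quarantine is here; so anyways
# all is 99% sure it's spam.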
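#
# Triage new quarantined spam: delete messages scoring over $delspamover
# and add their sending host to the pf "spammers" table; move everything
# else to 'cur' so it ages out.
#
# Everything read from a quarantined message (score, Received header) is
# sender-influenced text. It is validated before it reaches `[`, the
# $pfspammers file or pfctl, and every expansion is quoted.
#

# Fail closed: stop before touching any file if a required setting is empty.
: "${newspam:?}" "${curspam:?}" "${delspamover:?}" "${pfspammers:?}" "${logfile:?}"

# Succeeds only when $1 is an IPv4 dotted quad (octets 0-255) or looks like
# an IPv6 literal (hex digits, ':' and '.', at least two colons, at most 45
# characters). Host names, CIDR ranges, option-like strings and empty input
# are rejected; pfctl still does the final parsing of what is accepted.
is_ip_address() {
  case $1 in
    '' | *[!0-9A-Fa-f:.]*) return 1 ;;
    *:*:*) [ "${#1}" -le 45 ] ;;
    *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) return 1 ;;
    *.*.*.*)
      (
        # Subshell keeps the IFS / noglob change away from the caller.
        IFS=.
        set -f
        for octet in $1; do
          [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
      )
      ;;
    *) return 1 ;;
  esac
}

# Split find's output on newlines only and disable globbing, so odd file
# names stay one argument each.
# The original piped find through `grep .....`; every path under $newspam
# is longer than five characters, so that filter never excluded anything.
old_ifs=$IFS
IFS='
'
set -f
for msg in $(find "$newspam" -type f); do
  # Integer part of the score, taken from the trailer the quarantine step
  # appended (text after the last '(' up to the first '/' or '.').
  score=$(tail -2 "$msg" \
    | grep "Quarantine-Description: SPAM content refused by this network" \
    | sed -e 's/.*(//' -e 's/\/.*//' -e 's/\..*//')

  over_limit=0
  case $score in
    '' | *[!0-9]*) ;; # no usable score: let the message age out in 'cur'
    *) [ "$score" -gt "$delspamover" ] && over_limit=1 ;;
  esac

  if [ "$over_limit" -eq 1 ]; then
    delspamovercount=$((delspamovercount + 1))

    # First Received line that does not mention localhost; the address is
    # expected in the last parenthesised group.
    # NOTE(review): only the hop added by this server is trustworthy; any
    # other Received line is written by the sender, so the value may be
    # forged. Consider never adding your own relays or networks.
    spammersip=$(grep 'Received: from' "$msg" | grep -v localhost | head -1 \
      | sed -e 's/.*(//' -e 's/)$//')

    if is_ip_address "$spammersip"; then
      printf '%s\n' "$spammersip" >> "$pfspammers"
      pfctl -q -t spammers -T add "$spammersip"
    else
      # The raw header text is deliberately not echoed into cron mail.
      printf 'mail.clean_quarantine: no valid sender address in %s; pf table not updated\n' \
        "$msg" >&2
    fi
    rm -- "$msg"
  else
    mv -- "$msg" "$curspam"
    mvspamundercount=$((mvspamundercount + 1))
  fi
done
set +f
IFS=$old_ifs

printf "%s\t - %s - 'rm'ed spamover %s\n" \
  "$delspamovercount" "$date" "$delspamover" >> "$logfile"
printf "%s\t - %s - 'mv'ed spamunder %s\n" \
  "$mvspamundercount" "$date" "$delspamover" >> "$logfile"

#
# at midnight do final tally of quarantined spam yesterday;
# and print statistics on stdout for cron to email
#
if [ "$hour" = 00 ]; then
  yesterday2=$(date -v -1d "+%a, %d %b %Y")
  # -F: the date is a literal string, not a regular expression.
  totalspam=$(grep -F -- "$yesterday2" "$qscandir/quarantine.log" \
    | grep -c -F "SPAM content refused by this network")
  printf '%s\n' "---------------$yesterday.2359---------------" >> "$logfile"
  printf '%s\t - %s.2359 - TOTAL SPAM for the day\n' \
    "$totalspam" "$yesterday" >> "$logfile"
  # -F keeps the dots in the date from matching arbitrary characters.
  grep -F -- "$yesterday" "$logfile"
fi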