lehels/gist:eee1bb86ba96d2ff5ec9 Secret

## gistfile1.txt
[~]# /usr/local/cpanel/3rdparty/bin/perl -ne '/^\S+\s+\S+\s+(\S+) \S+ (\S+ )?\[(\S+)\](:)?(?:\S*)?(?:\s)?(?:\S*)?(?::)\d+ rejected EHLO or HELO ylmf-pc: HELO\/EHLO - blacklisted HELO/ && print' /var/log/exim_rejectlog |tail -3
2015-09-07 01:51:05 [55288] H=(ylmf-pc) [IPADDRESS]:50767 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO
2015-09-07 01:51:06 [55292] H=(ylmf-pc) [IPADDRESS]:50768 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO
2015-09-07 01:51:07 [55294] H=(ylmf-pc) [IPADDRESS]:50769 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO

CUSTOM2_LOG = "/var/log/exim_rejectlog"

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+) \S+ (\S+ )?\[(\S+)\](:)?(?:\S*)?(?:\s)?(?:\S*)?(?::)\d+ rejected EHLO or HELO ylmf-pc: HELO\/EHLO - blacklisted HELO/)) {
  `echo "HELO IS MATCHED" > /tmp/lfd_helo.tmp`;
  return ("Failed SMTP from blacklisted HELO",$1,"ylmf","3","25","300");
}

[~]# cat /tmp/lfd_helo.tmp
HELO IS MATCHED
	[~]# /usr/local/cpanel/3rdparty/bin/perl -ne '/^\S+\s+\S+\s+(\S+) \S+ (\S+ )?\[(\S+)\](:)?(?:\S)?(?:\s)?(?:\S)?(?::)\d+ rejected EHLO or HELO ylmf-pc: HELO\/EHLO - blacklisted HELO/ && print' /var/log/exim_rejectlog \|tail -3
	2015-09-07 01:51:05 [55288] H=(ylmf-pc) [IPADDRESS]:50767 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO
	2015-09-07 01:51:06 [55292] H=(ylmf-pc) [IPADDRESS]:50768 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO
	2015-09-07 01:51:07 [55294] H=(ylmf-pc) [IPADDRESS]:50769 rejected EHLO or HELO ylmf-pc: HELO/EHLO - blacklisted HELO

	CUSTOM2_LOG = "/var/log/exim_rejectlog"

	if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+) \S+ (\S+ )?\[(\S+)\](:)?(?:\S)?(?:\s)?(?:\S)?(?::)\d+ rejected EHLO or HELO ylmf-pc: HELO\/EHLO - blacklisted HELO/)) {
	`echo "HELO IS MATCHED" > /tmp/lfd_helo.tmp`;
	return ("Failed SMTP from blacklisted HELO",$1,"ylmf","3","25","300");
	}

	[~]# cat /tmp/lfd_helo.tmp
	HELO IS MATCHED