Skip to content

Instantly share code, notes, and snippets.

@mxroute

mxroute/sentry.sh

Last active Aug 2, 2018
Embed
What would you like to do?
Suspend outbound email on cPanel when more than 300 emails sent this hour, report via pushover (replace that part with your own code or remove it)
#!/bin/bash
NODE=$(/bin/hostname)
DT1=$(tail /var/log/exim_mainlog -n 1 | awk '{print $1}')
DT2=$(tail /var/log/exim_mainlog -n 1 | awk '{print $2}' | cut -c1-2)
DT=$(echo "$DT1 $DT2")
AMOUNT=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $1}')
ADDR=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $2}' | sed -e 's/dovecot_login://g')
DOMAIN=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $2}' | sed -e 's/dovecot_login://g' | grep -o "@[[:alnum:][:graph:]]*" | sed -e 's/@//g')
USER=$(grep $DOMAIN /etc/userdomains | awk 'NF>1{print $NF}' | tail -n 1)
CHECK=$(grep "$ADDR" /root/sentry_list | wc -l)
if (( $AMOUNT > 300 )) && (( $CHECK = 0 )); then
echo "$ADDR" >> /root/sentry_list
/usr/bin/uapi --user=$USER Email suspend_outgoing email=$ADDR
/bin/bash /root/pushover.sh/pushover.sh Suspended $ADDR from $USER on $NODE
else
echo "No action taken."
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment