Last active
August 2, 2018 04:36
-
-
Save mxroute/93d0e6e19e6ea8c8f05d743a2ef4b505 to your computer and use it in GitHub Desktop.
Suspend outbound email on cPanel when more than 300 emails sent this hour, report via pushover (replace that part with your own code or remove it)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
NODE=$(/bin/hostname) | |
DT1=$(tail /var/log/exim_mainlog -n 1 | awk '{print $1}') | |
DT2=$(tail /var/log/exim_mainlog -n 1 | awk '{print $2}' | cut -c1-2) | |
DT=$(echo "$DT1 $DT2") | |
AMOUNT=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $1}') | |
ADDR=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $2}' | sed -e 's/dovecot_login://g') | |
DOMAIN=$(grep "$DT" /var/log/exim_mainlog | egrep -o 'dovecot_login[^ ]+' | sort|uniq -c|sort -nk 1 | tail -n 1 | awk '{print $2}' | sed -e 's/dovecot_login://g' | grep -o "@[[:alnum:][:graph:]]*" | sed -e 's/@//g') | |
USER=$(grep $DOMAIN /etc/userdomains | awk 'NF>1{print $NF}' | tail -n 1) | |
CHECK=$(grep "$ADDR" /root/sentry_list | wc -l) | |
if (( $AMOUNT > 300 )) && (( $CHECK = 0 )); then | |
echo "$ADDR" >> /root/sentry_list | |
/usr/bin/uapi --user=$USER Email suspend_outgoing email=$ADDR | |
/bin/bash /root/pushover.sh/pushover.sh Suspended $ADDR from $USER on $NODE | |
else | |
echo "No action taken." | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment