Exim Log Scanner

2013-04-22

Just a quick script that scans the Exim mainlog looking for blacklist replies.

This is still a work in progress, but is designed to eventually replace the need for MX Toolbox and the like.

~~~~
#!/bin/bash

# Location of the live Exim main log (absolute path)
_eximlog_='/var/log/exim_mainlog'

# Default look-back window in hours; the -h option overrides it
_hours_=24

function __getlog__ () {
        local date_today=$(date "+%s")
        local date_check=$(date --date="-${_hours_}hours" "+%s")
        local date_from=$(date -d @$(( `date +%s` - $((3600 * ${_hours_})) )) +'%Y-%m-%d %H' )
        local date_file=$(stat -c %X ${_eximlog_})
        if [[ $((${date_today} - ${date_file})) -lt $((3600 * ${_hours_})) ]]; then
                zcat $(ls -1t --color=none ${_eximlog_}* | head -n 2 | tail -n 1) | sed "1,/${date_from}/d"
                cat ${_eximlog_}
        else
                sed "1,/${date_from}/d" ${_eximlog_}
        fi
}

# Filter the selected log window for one class of event and print the hits.
#
# Globals:   _message_ (written) - the matching lines, newline separated
# Arguments: $1 - event class; only "blacklist" is handled
# Outputs:   matching lines on stdout, nothing when there are none
#
# "blacklist" keeps lines that contain "after initial connection" and, in any
# letter case, "blocked".
function __logsort__ () {
        if [[ ${1} == "blacklist" ]]; then
                _message_=$(__getlog__ | grep "after initial connection" | grep -i "blocked")
                # Stay silent when nothing matched.
                if [[ -n ${_message_} ]]; then
                        echo "${_message_}"
                fi
        fi
}

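# Entry point: check that the log exists, parse the command line and dispatch.
#
# Globals:   _eximlog_   (read)    - path of the live mainlog
#            _hours_     (written) - set from the -h value
#            _operation_ (written) - set by -b
# Arguments: [-h hours] [-b]; any other argument is ignored
# Outputs:   diagnostics on stderr
# Exits:     1 when the mainlog is missing or the -h value is not all digits
function __bootstrap__ () {
        if [[ ! -f ${_eximlog_} ]]; then
                # Say why we stop instead of exiting silently.
                echo "[Error] Exim mainlog not found: ${_eximlog_}" >&2
                exit 1
        fi
        # Loop on the argument count so an empty-string argument cannot end
        # parsing early.
        while (( $# > 0 )); do
                case ${1} in
                        "-b") _operation_="blacklists" ;;
                        "-h")
                                # Digits only: __getlog__ later puts this value into
                                # shell arithmetic and a date expression.
                                if [[ ! ${2-} =~ ^[0-9]+$ ]]; then
                                        echo "[Error] Invalid hours!" >&2
                                        exit 1
                                fi
                                # Normalise to base 10 so "08" is not treated as octal.
                                _hours_=$(( 10#${2} ))
                                # Consume the option's value as well.
                                shift
                        ;;
                esac
                shift
        done
        case ${_operation_} in
                "blacklists") __logsort__ "blacklist" ;;
                *) __help__ ;;
        esac
}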

# Print the usage summary to stdout, one option per line.
#
# Outputs: three lines of usage text; $0 is shown as the program name
function __help__ () {
        local usage_line
        local -a usage_lines=(
                "Usage:  $0 [-h hours] [-b]"
                "-h [hours] Scan back this number of hours. If not present then it defaults to 24. This setting is not precise to the minute, so it will contain log entries from 'hours' up to 'hours+1'."
                "-b (blacklists) search for blocked outbound connections due to our IP address being blocked."
        )
        for usage_line in "${usage_lines[@]}"; do
                echo -e "${usage_line}"
        done
}

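# Quote the argument list so each command-line word reaches the parser intact
# (no word splitting or glob expansion of the arguments).
__bootstrap__ "$@"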
~~~~

As usual, I hold no responsibility for what this does to anything.