http://72.14.177.54/SFVLUG/?title=Email_Dictionary_Attack&action=history Revision history for this page on the wiki en MediaWiki 1.15.1 Sun, 21 Jun 2026 17:36:12 GMT http://72.14.177.54/SFVLUG/?title=Email_Dictionary_Attack&diff=1688&oldid=prev <p></p> <p><b>New page</b></p><div>This is just some Bourne shell script I whipped up while trying to learn more about a dictionary attack hitting my mail server. Messages not delivered to a real user are dropped into /var/spool/mail/bounce in maildir format. Change the numbers following seq to the start and finish messages desired to check. I'm just posting this here primarily as a scrapbook, and for educational purposes.<br /> <br /> for A in `seq 137146 200000` ; do<br /> [ -f ../mail/bounce/$A ] || continue<br /> formail -x To &lt; ../mail/bounce/$A | awk '{print $NF}' | tr -d \\&lt; | tr -d \\&gt; | tr A-Z a-z<br /> done | egrep '@example.com$' | sort | uniq -c | less</div> Mon, 29 Jan 2007 06:01:57 GMT Dualdflipflop http://72.14.177.54/SFVLUG/Talk:Email_Dictionary_Attack