CheckAuthLog
What is it?
CheckAuthLog is a security feature for email servers. It can check the log files for suspicious email sending behaviour which may be indicative of a compromised email account and block that account.
What could I use it for?
If you are running a Postfix or Exim email server, you can use this script to enhance security of your server. Stolen email credentials are now often used to send spam. A spam outflow from your email server could cause you reputation problems particularly with large email providers and RBL users. While there are many other things you can do as a first line of prevention, if you have a large or variegated group of users, ultimately you may not be able to stop email credentials being stolen.
How do I get it?
The code for the project is available from
Previous versions are archived for historical reference but are no longer maintained and should not be used: CheckAuthLog previous versions
GPG signatures for the latest version is available here CheckAuthLog gpg signatures