What is it?
CheckAuthLog is a security feature for email servers. It can check the log files for suspicious email sending behaviour which may be indicative of a compromised email account and block that account.
What could I use it for?
If you are running a Postfix or Exim email server, you can use this script to enhance security of your server. Stolen email credentials are now often used to send spam. A spam outflow from your email server could cause reputation problems particularly with large email providers and RBL users. While there are many other things you can do as a first line of defence, if you have a large or variegated group of users, you may not be able to avoid the risk of email credentials being stolen.
CheckAuthLog is not designed to completely stop spam sending or avoid all fraudulent use of an email account. However it can help stop things before they go too far out of control.
How do I get it?
The code for the project is hosted on github. Please see CheckAuthLog source code repository
Previous versions are archived for historical reference but are no longer maintained and should not be used: CheckAuthLog previous versions
GPG signatures for the latest version is available here CheckAuthLog gpg signatures