> > from my amavid-new log I saw that a significant protion of spam is
> > generated inside my network. Here the command:
> >
> > # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
> >
> > I have configured Postfix so that it lookups an IP for
> client access
> > to my SMTP gataway. If lookup is succesfull, that IP can
> relay trough
> > my server. Otherwise, the client is discarded, rejected or rejected
> > with a 550 customized code.
> >
> > I'ld like to trigger an insert of an IP inside the lookup table as
> > soon as the IP is flashed out of sending spam, with action REJECT.
> >
> > It is possible to do so? Or is a matter of Postfix?
>
> you can parse logs. look for fail2ban and the like.
What is 'fail2ban'?
I would like to know if there is something of ready to use..
Otherwise, I'm thinking to use awk to get IP and an header of a guilty
email to send to the responsible of that IP.
#!/bin/sh
cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print
substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1,
length($16)-1) }' | awk ' BEGIN {
}
{
ip[$1] = $2;
}
END{
for (i in ip) {
print "echo " i " && gunzip -c /var/virusmails/" ip[i]
" | head -20";
}
}' | sh
And run it as a cron job every night.
At the moment I lack two things:
1) get only the headers of the emails (and not only the 20 starting
lines)
2) determine who I have to send the email
rocsca
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
