> > from my amavid-new log I saw that a significant protion of spam is > > generated inside my network. Here the command: > > > > # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" > > > > I have configured Postfix so that it lookups an IP for > client access > > to my SMTP gataway. If lookup is succesfull, that IP can > relay trough > > my server. Otherwise, the client is discarded, rejected or rejected > > with a 550 customized code. > > > > I'ld like to trigger an insert of an IP inside the lookup table as > > soon as the IP is flashed out of sending spam, with action REJECT. > > > > It is possible to do so? Or is a matter of Postfix? > > you can parse logs. look for fail2ban and the like.
What is 'fail2ban'? I would like to know if there is something of ready to use.. Otherwise, I'm thinking to use awk to get IP and an header of a guilty email to send to the responsible of that IP. #!/bin/sh cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1, length($16)-1) }' | awk ' BEGIN { } { ip[$1] = $2; } END{ for (i in ip) { print "echo " i " && gunzip -c /var/virusmails/" ip[i] " | head -20"; } }' | sh And run it as a cron job every night. At the moment I lack two things: 1) get only the headers of the emails (and not only the 20 starting lines) 2) determine who I have to send the email rocsca ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/