OK, so I've been rewriting a daemon I use for POP3 before SMTP (poprelayd-KAM) to include parsing the maillog for RCPT Throttle notices. I'd originally planned to use this information to deny connections with MD but DFS convinced me to use iptables instead. I then studied DFS' script that monitors the maillog and modifies iptables chains. Unfortunately, I needed to expire the entries every 10 minutes and his script wouldn't achieve that easily for me. So I then had to learn more than I ever wanted to know about the Perl IPTables::IPv4. Lots of thanks to DFS for his original script, which gave me the idea of using iptables and how to set up a logging chain.
Anyway, this new version of the script handles the following:

- It runs as a daemon constantly processing the maillog rather than using cron.
- It sets up the iptables for you (if you have other iptable entries, you will want to look at sub setup_iptable).
- It maintains a database of the addresses.
- It maintains the iptable rules and is written to ensure duplicate entries aren't put in (hence allowing expiration).
- If you kill and start poprelayd-KAM again, it will resetup the existing blocks.
- It expires entries in the database and removes the associated iptable rule using a configurable setting.
- It kills the sendmail process associated with the ip being blocked. This was VERY important because my original version worked too well and I was blocking enough connections fast enough that I was leaving a bunch of sendmail+MD processes in kind of a wait status because I've abruptly blocked their network packets.

It does require IPTables::IPv4 and pkill in addition to DB::File.

Feedback & testing appreciated.

http://www.pccc.com/downloads/sendmail/current-8.12.X/untarred/contrib/poprelay-RCPT_Throttle/

Regards,
KAM

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
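
The bookkeeping described in the message above (one rule per address, timed expiry, re-creating live blocks after a restart), sketched as an added example; it is not code from poprelayd-KAM, which is written in Perl against IPTables::IPv4. The chain name, the in-memory dict standing in for the database, and the choice not to extend a block on a repeat notice are assumptions, and the sendmail cleanup step is not modelled.

```python
import ipaddress

CHAIN = "RCPT_THROTTLE"   # hypothetical chain name, not taken from the script
EXPIRE_SECONDS = 600      # the 10-minute expiry mentioned in the message


class BlockTable:
    """Tracks blocked IPs and returns the iptables argv lists that keep rules in sync."""

    def __init__(self, saved=None, ttl=EXPIRE_SECONDS):
        self.ttl = ttl
        self.blocked = dict(saved or {})   # ip -> time the block was added

    def _rule(self, action, ip):
        # argv list, never a shell string: the address originates from a log line
        return ["iptables", action, CHAIN, "-s", ip, "-j", "DROP"]

    def block(self, ip, now):
        ip = str(ipaddress.IPv4Address(ip))   # ValueError on anything but an IPv4 address
        if ip in self.blocked:
            # A second -A would leave a rule behind after a single -D at expiry.
            return []
        self.blocked[ip] = now
        return [self._rule("-A", ip)]

    def expire(self, now):
        old = sorted(ip for ip, t in self.blocked.items() if now - t >= self.ttl)
        for ip in old:
            del self.blocked[ip]
        return [self._rule("-D", ip) for ip in old]

    def restore(self, now):
        """After a restart the chain is empty: drop stale entries, re-add live ones."""
        self.blocked = {ip: t for ip, t in self.blocked.items() if now - t < self.ttl}
        return [self._rule("-A", ip) for ip in sorted(self.blocked)]


def demo():
    # Constructed events: (address, seconds since start); addresses are documentation ranges.
    table, cmds = BlockTable(), []
    cmds += table.block("192.0.2.10", now=0)
    cmds += table.block("192.0.2.10", now=30)     # repeat notice, no second rule
    cmds += table.block("198.51.100.7", now=400)
    cmds += table.expire(now=600)                 # only the first block is 10 minutes old
    return cmds, table.blocked


if __name__ == "__main__":
    for argv in demo()[0]:
        print(" ".join(argv))
```
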

