Hi,

The attached script finds the most active spammers from qsheff.log and adds them to qmail badmailfrom. As a result, qmail rejects email from these servers at the qmail-smtpd stage. This protects you against other spam which qsheff cannot identify (like image spam) from the same server.

You should run this script periodically to keep your badmailfrom updated.

THRESHOLD=8

That is the default value. It means that we will add IPs that sent at least 8 spams.

regards

--

Baris Simsek, http://www.enderunix.org/simsek/
Endersys Ltd., http://www.endersys.com/
#!/bin/sh
#
# Finds the most active spammers from qsheff.log
# and adds them to qmail badmailfrom.
#
# Created by Baris Simsek
#
# http://www.enderunix.org/qsheff
#

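THRESHOLD=8
LOGFILE=/var/log/qsheff.log
BADFILE=/var/qmail/control/badmailfrom

# Work in a private directory: fixed file names in /tmp can be
# pre-created as symlinks by a local user.
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf "$WORKDIR"' EXIT

# Third comma-separated field of each SPAM entry, from its 11th character on.
grep SPAM "$LOGFILE" | cut -d',' -f3 | cut -c11- > "$WORKDIR/ips.txt"

sort -u "$WORKDIR/ips.txt" > "$WORKDIR/unique_ips.txt"

while IFS= read -r line; do
  [ -n "$line" ] || continue
  # -F -x: count exact whole-line matches, not regex or substring matches.
  count=$(grep -c -F -x -e "$line" "$WORKDIR/ips.txt")
  # "At least THRESHOLD" spams, and skip entries already listed so that
  # periodic runs do not append duplicates.
  if [ "$count" -ge "$THRESHOLD" ] &&
     ! grep -q -F -x -e "$line" "$BADFILE" 2>/dev/null; then
    echo "$line"
  fi
done < "$WORKDIR/unique_ips.txt" >> "$BADFILE"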
