[AMaViS-user] Local Spam
Hello, from my amavid-new log I saw that a significant protion of spam is generated inside my network. Here the command: # cat /var/log/amavis | grep -i Blocked SPAM, LOCAL I have configured Postfix so that it lookups an IP for client access to my SMTP gataway. If lookup is succesfull, that IP can relay trough my server. Otherwise, the client is discarded, rejected or rejected with a 550 customized code. I'ld like to trigger an insert of an IP inside the lookup table as soon as the IP is flashed out of sending spam, with action REJECT. It is possible to do so? Or is a matter of Postfix? rocsca - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Local Spam
Rocco Scappatura wrote: Hello, from my amavid-new log I saw that a significant protion of spam is generated inside my network. Here the command: # cat /var/log/amavis | grep -i Blocked SPAM, LOCAL I have configured Postfix so that it lookups an IP for client access to my SMTP gataway. If lookup is succesfull, that IP can relay trough my server. Otherwise, the client is discarded, rejected or rejected with a 550 customized code. I'ld like to trigger an insert of an IP inside the lookup table as soon as the IP is flashed out of sending spam, with action REJECT. It is possible to do so? Or is a matter of Postfix? you can parse logs. look for fail2ban and the like. Use with caution... - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Local Spam
from my amavid-new log I saw that a significant protion of spam is generated inside my network. Here the command: # cat /var/log/amavis | grep -i Blocked SPAM, LOCAL I have configured Postfix so that it lookups an IP for client access to my SMTP gataway. If lookup is succesfull, that IP can relay trough my server. Otherwise, the client is discarded, rejected or rejected with a 550 customized code. I'ld like to trigger an insert of an IP inside the lookup table as soon as the IP is flashed out of sending spam, with action REJECT. It is possible to do so? Or is a matter of Postfix? you can parse logs. look for fail2ban and the like. What is 'fail2ban'? I would like to know if there is something of ready to use.. Otherwise, I'm thinking to use awk to get IP and an header of a guilty email to send to the responsible of that IP. #!/bin/sh cat /var/log/amavis | grep -i Blocked SPAM, LOCAL | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) substr($16, 1, length($16)-1) }' | awk ' BEGIN { } { ip[$1] = $2; } END{ for (i in ip) { print echo i gunzip -c /var/virusmails/ ip[i] | head -20; } }' | sh And run it as a cron job every night. At the moment I lack two things: 1) get only the headers of the emails (and not only the 20 starting lines) 2) determine who I have to send the email rocsca - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Local Spam
Rocco Scappatura wrote: from my amavid-new log I saw that a significant protion of spam is generated inside my network. Here the command: # cat /var/log/amavis | grep -i Blocked SPAM, LOCAL I have configured Postfix so that it lookups an IP for client access to my SMTP gataway. If lookup is succesfull, that IP can relay trough my server. Otherwise, the client is discarded, rejected or rejected with a 550 customized code. I'ld like to trigger an insert of an IP inside the lookup table as soon as the IP is flashed out of sending spam, with action REJECT. It is possible to do so? Or is a matter of Postfix? you can parse logs. look for fail2ban and the like. What is 'fail2ban'? Make Google your friend. http://www.fail2ban.org/wiki/index.php/Main_Page I would like to know if there is something of ready to use.. Otherwise, I'm thinking to use awk to get IP and an header of a guilty email to send to the responsible of that IP. #!/bin/sh cat /var/log/amavis | grep -i Blocked SPAM, LOCAL | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) substr($16, 1, length($16)-1) }' | awk ' BEGIN { } { ip[$1] = $2; } END{ for (i in ip) { print echo i gunzip -c /var/virusmails/ ip[i] | head -20; } }' | sh And run it as a cron job every night. At the moment I lack two things: 1) get only the headers of the emails (and not only the 20 starting lines) This requires a parser. perl/python/php/C can do that more easily. but I am not sure what you are exactly trying to do? (I see the log parsing part, but not what you want to do with /var/virusmails). 2) determine who I have to send the email what do you want to send? ask for a contact list at every client, and when there is a problem, post to this contact address. - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Local Spam
What is 'fail2ban'? Make Google your friend. http://www.fail2ban.org/wiki/index.php/Main_Page Nice. But I need to inform a client of my network as soon as I block him. I would like to know if there is something of ready to use.. Otherwise, I'm thinking to use awk to get IP and an header of a guilty email to send to the responsible of that IP. #!/bin/sh cat /var/log/amavis | grep -i Blocked SPAM, LOCAL | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) substr($16, 1, length($16)-1) }' | awk ' BEGIN { } { ip[$1] = $2; } END{ for (i in ip) { print echo i gunzip -c /var/virusmails/ ip[i] | head -20; } }' | sh And run it as a cron job every night. At the moment I lack two things: 1) get only the headers of the emails (and not only the 20 starting lines) This requires a parser. perl/python/php/C can do that more easily. but I am not sure what you are exactly trying to do? (I see the log parsing part, but not what you want to do with /var/virusmails). Sorry, I give you some more insight on what I have done: - $10 is the '[aaa.bbb.ccc.ddd]' string where aaa.bbb.ccc.ddd is the sender ip - $16 is the qurantined message relative to $QUARANTINEDIR - /var/virusmails is the value of $QUARANTINEDIR rocsca - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] deal with amavis on debian
hi to all can somebody tell wats the deal with amavis in debian.it creates a conf.d directorycan somebody tell me gud documentation on it and wats the working of files in conf.d and presendence order...can u help me out ...thanx in advance - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/