[AMaViS-user] Local Spam

2007-12-17 Thread Rocco Scappatura
Hello,

from my amavisd-new log I saw that a significant portion of spam is
generated inside my network. Here is the command:

# cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"

I have configured Postfix so that it looks up an IP for client access to
my SMTP gateway. If the lookup is successful, that IP can relay through my
server. Otherwise, the client is discarded, rejected or rejected with a
550 customized code.

I'd like to trigger an insert of an IP inside the lookup table as soon
as the IP is flashed out of sending spam, with action REJECT.

Is it possible to do so? Or is it a matter of Postfix?

rocsca

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/


Re: [AMaViS-user] Local Spam

2007-12-17 Thread mouss
Rocco Scappatura wrote:
> Hello,
>
> from my amavisd-new log I saw that a significant portion of spam is
> generated inside my network. Here is the command:
>
> # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
>
> I have configured Postfix so that it looks up an IP for client access to
> my SMTP gateway. If the lookup is successful, that IP can relay through my
> server. Otherwise, the client is discarded, rejected or rejected with a
> 550 customized code.
>
> I'd like to trigger an insert of an IP inside the lookup table as soon
> as the IP is flashed out of sending spam, with action REJECT.
>
> Is it possible to do so? Or is it a matter of Postfix?

you can parse logs. look for fail2ban and the like.

Use with caution...



Re: [AMaViS-user] Local Spam

2007-12-17 Thread Rocco Scappatura
>> from my amavisd-new log I saw that a significant portion of spam is
>> generated inside my network. Here is the command:
>>
>> # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
>>
>> I have configured Postfix so that it looks up an IP for client access
>> to my SMTP gateway. If the lookup is successful, that IP can relay through
>> my server. Otherwise, the client is discarded, rejected or rejected
>> with a 550 customized code.
>>
>> I'd like to trigger an insert of an IP inside the lookup table as
>> soon as the IP is flashed out of sending spam, with action REJECT.
>>
>> Is it possible to do so? Or is it a matter of Postfix?
>
> you can parse logs. look for fail2ban and the like.

What is 'fail2ban'?

I would like to know if there is something ready to use.

Otherwise, I'm thinking of using awk to get the IP and a header of a guilty
email to send to the person responsible for that IP.

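#!/bin/sh
# For each local client IP logged with blocked spam, print the IP and the
# first 20 lines of one of its quarantined messages.
# $10 is "[a.b.c.d]" (client IP); $16 is the quarantine file name plus one
# trailing character. Both fields come straight from the amavis log.
cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1, length($16)-1) }' | awk ' BEGIN {
}
{
# keep one quarantine file per client IP (the last one seen)
ip[$1] = $2;
}
END{
for (i in ip) {
# emit one shell command line per IP; the result is piped to sh below
print "echo " i "; gunzip -c /var/virusmails/" ip[i] " | head -20";
}
}' | sh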

And run it as a cron job every night.

At the moment I lack two things:

1) get only the headers of the emails (and not only the 20 starting
lines)
2) determine who I have to send the email

rocsca



Re: [AMaViS-user] Local Spam

2007-12-17 Thread mouss
Rocco Scappatura wrote:
>>> from my amavisd-new log I saw that a significant portion of spam is
>>> generated inside my network. Here is the command:
>>>
>>> # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
>>>
>>> I have configured Postfix so that it looks up an IP for client access
>>> to my SMTP gateway. If the lookup is successful, that IP can relay through
>>> my server. Otherwise, the client is discarded, rejected or rejected
>>> with a 550 customized code.
>>>
>>> I'd like to trigger an insert of an IP inside the lookup table as
>>> soon as the IP is flashed out of sending spam, with action REJECT.
>>>
>>> Is it possible to do so? Or is it a matter of Postfix?
>> you can parse logs. look for fail2ban and the like.
>
> What is 'fail2ban'?

Make Google your friend.
http://www.fail2ban.org/wiki/index.php/Main_Page

> I would like to know if there is something ready to use.
>
> Otherwise, I'm thinking of using awk to get the IP and a header of a guilty
> email to send to the person responsible for that IP.
>
> #!/bin/sh
> cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1, length($16)-1) }' | awk ' BEGIN {
> }
> {
> ip[$1] = $2;
> }
> END{
> for (i in ip) {
> print "echo " i "; gunzip -c /var/virusmails/" ip[i] " | head -20";
> }
> }' | sh
>
> And run it as a cron job every night.
>
> At the moment I lack two things:
>
> 1) get only the headers of the emails (and not only the 20 starting
> lines)

This requires a parser. perl/python/php/C can do that more easily. but I 
am not sure what you are exactly trying to do? (I see the log parsing 
part, but not what you want to do with /var/virusmails).

> 2) determine who I have to send the email

what do you want to send? ask for a contact list at every client, and 
when there is a problem, post to this contact address.



Re: [AMaViS-user] Local Spam

2007-12-17 Thread Rocco Scappatura
>> What is 'fail2ban'?
>
> Make Google your friend.
> http://www.fail2ban.org/wiki/index.php/Main_Page

Nice.

But I need to inform a client of my network as soon as I block him.

>> I would like to know if there is something ready to use.
>>
>> Otherwise, I'm thinking of using awk to get the IP and a header of a guilty
>> email to send to the person responsible for that IP.
>>
>> #!/bin/sh
>> cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1, length($16)-1) }' | awk ' BEGIN {
>> }
>> {
>> ip[$1] = $2;
>> }
>> END{
>> for (i in ip) {
>> print "echo " i "; gunzip -c /var/virusmails/" ip[i] " | head -20";
>> }
>> }' | sh
>>
>> And run it as a cron job every night.
>>
>> At the moment I lack two things:
>>
>> 1) get only the headers of the emails (and not only the 20 starting
>> lines)
>
> This requires a parser. perl/python/php/C can do that more easily. but I
> am not sure what you are exactly trying to do? (I see the log parsing
> part, but not what you want to do with /var/virusmails).

Sorry, I give you some more insight on what I have done:

- $10 is the '[aaa.bbb.ccc.ddd]' string where aaa.bbb.ccc.ddd is the
sender IP
- $16 is the quarantined message relative to $QUARANTINEDIR
- /var/virusmails is the value of $QUARANTINEDIR

rocsca
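
An added example (not code from the thread's participants): a Python version of the log parsing discussed above, which builds Postfix access-table REJECT entries and extracts only the header block of a quarantined message, without passing log fields to a shell. The log lines, the `min_hits` threshold, the reject text and all function names are constructed for illustration.

```python
import gzip
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the layout the thread describes:
# field 10 is "[client-ip]", field 16 is the quarantine file name.
SAMPLE_LOG = """\
Dec 17 02:11:40 mx amavis[4121]: (04121-07) Blocked SPAM, LOCAL [192.0.2.10] [192.0.2.10] <a@example.com> -> <x@example.net>, quarantine: spam-aaa111.gz, Hits: 18.2
Dec 17 02:12:05 mx amavis[4121]: (04121-08) Passed CLEAN, LOCAL [192.0.2.11] [192.0.2.11] <b@example.com> -> <y@example.net>, Hits: 0.1
Dec 17 02:13:19 mx amavis[4122]: (04122-01) Blocked SPAM, LOCAL [192.0.2.10] [192.0.2.10] <a@example.com> -> <z@example.net>, quarantine: spam-bbb222.gz, Hits: 22.0
Dec 17 02:14:02 mx amavis[4122]: (04122-02) Blocked SPAM, LOCAL [192.0.2.12] [192.0.2.12] <c@example.com> -> <x@example.net>, quarantine: ../../etc/passwd, Hits: 9.9
"""
BLOCKED = re.compile(r"Blocked SPAM, LOCAL \[([^\]]+)\].*?quarantine: ([^,\s]+)", re.I)
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*")  # no "/" and no leading "."

def spam_by_client(log_text):
    """Map each local client IP to the quarantine files logged for it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if not m:
            continue
        ip, name = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal: never copy it into the table
        if SAFE_NAME.fullmatch(name):  # skip names that could leave the quarantine dir
            found[ip].append(name)
    return dict(found)

def access_entries(found, min_hits=2):
    """Postfix access(5) lines for clients with at least min_hits blocked mails."""
    return ["%s REJECT Spam detected from your host, contact postmaster" % ip
            for ip in sorted(found) if len(found[ip]) >= min_hits]

def headers_of(gz_bytes):
    """Header block of a gzip-compressed message: all lines before the first blank line."""
    raw = gzip.decompress(gz_bytes).replace(b"\r\n", b"\n")
    return raw.split(b"\n\n", 1)[0].decode("utf-8", "replace")

# Constructed stand-in for a file under $QUARANTINEDIR.
SAMPLE_MSG_GZ = gzip.compress(b"Received: from pc10 ([192.0.2.10])\nSubject: test\n\nbody line\n")

if __name__ == "__main__":
    print("\n".join(access_entries(spam_by_client(SAMPLE_LOG))))
    print(headers_of(SAMPLE_MSG_GZ))
```

The threshold keeps a single misclassified message from blocking a client. For a hash: lookup table, the entries still have to be written to the table file and the table rebuilt with postmap.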

