Hi to all!
I made a simple script that scans sendmail log files, finds IPs from which
several spam messages were received, and blocks them in the sendmail access file.
The background is as follows: Once I found that our MX was nearly down. Running
top exposed a lot of spamd instances, consuming almost all CPU time. Examining
maillog showed that one of our subscribers sent about 4000 messages within
approximately 15 minutes, and all of them were spam. I manually banned that
subscriber in /etc/mail/access and informed their personnel about possible
zombie infection.
Now I have a script that runs from cron and instantly blocks hosts that have sent
us more than some maximum number of spam messages within the last hour (or any
duration of your choice).
The script is available from http://sa-russian.narod.ru/block_spammers.bash
Understanding of some fundamentals of BASH scripting is expected. The only MTA
supported is sendmail. Look at the comments inside the script to tailor it to
your installation.
Best regards,
Alan M. Makoev
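
The approach described in the post (count spam per sending relay, block relays over a threshold), as an added sketch that is not the block_spammers.bash script itself. Assumptions: spam verdicts appear in maillog as milter header lines `X-Spam-Flag: YES`, the lines fed in are already limited to the time window, relays are IPv4, and the function names and the localhost exemption are illustrative.

```bash
#!/usr/bin/env bash
# Added sketch, not the block_spammers.bash script from the post.
# Assumed log layout: sendmail "from=" lines carry relay=... [IPv4], and a
# SpamAssassin milter logs "Milter add: header: X-Spam-Flag: YES" per queue id.

# spam_senders MAX: read maillog lines (already cut to the time window) on
# stdin; print an access-file entry for each relay IP with more than MAX spam.
spam_senders() {
    awk -v max="$1" '
        # Remember which relay IP submitted each queue id ($6).
        / from=/ && match($0, /relay=[^,]*\[[0-9.]+\]/) {
            r = substr($0, RSTART, RLENGTH)
            sub(/.*\[/, "", r); sub(/\]/, "", r)
            relay[$6] = r
        }
        # Spam verdict for a queue id whose relay is known.
        /Milter add: header: X-Spam-Flag: YES/ && ($6 in relay) {
            count[relay[$6]]++
        }
        END {
            for (ip in count)              # never block the local host
                if (count[ip] > max && ip != "127.0.0.1")
                    printf "Connect:%s\tREJECT\n", ip
        }' | sort
}

# Constructed sample data (not real traffic). msg ID RELAY FLAG prints the
# "from=" line and, when FLAG is YES, the verdict line for one message.
msg() {
    echo "Jan 12 10:00:00 mx sendmail[100]: $1: from=<a@example.com>, size=900, nrcpts=1, relay=$2"
    [ "$3" = YES ] && echo "Jan 12 10:00:01 mx sendmail[100]: $1: Milter add: header: X-Spam-Flag: YES"
    return 0
}
sample_log() {
    msg q01 "zombie.example [192.0.2.10]" YES
    msg q02 "zombie.example [192.0.2.10]" YES
    msg q03 "[198.51.100.7]" YES
    msg q04 "[198.51.100.7]" NO
    msg q05 "localhost [127.0.0.1]" YES
    msg q06 "localhost [127.0.0.1]" YES
}

sample_log | spam_senders 1    # append the output to the access file, then rebuild the map
```

When run repeatedly from cron, filter out addresses already present in the access file before appending, so entries are not duplicated.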