I totally forgot about that - but I am not using the script to block them forever, just to monitor qmail when a large amount of connections is coming in (which happens ever so often). Even so I did turn off the blocking feature since qmail handles it just fine and connections clear up after a while. I was just concerned that legitimate e-mail wouldn't be coming through - but since they try to resend if no connection could be established that's not a concern anymore.
So yeah, I use it to see what's being blocked and for what reason - even added whitelist matches now. It's basically just colored and filtered output of your qmail logfiles now :D

Cheers,
Sebastian

Otto Berger wrote:
> You could also use fail2ban for that. You just have to specify a custom
> rule ("filter") for the spamdyke-log output. Then the sender IP will be
> released after a specified timeframe and not blocked forever ;).
>
> (IMHO it is still not a very good idea to block by firewall)
>
> Otto
>
> Sebastian Grewe wrote:
>
>> Hey Guys,
>>
>> I have been working on a simple bash script that will read from its
>> standard input and present some statistics from the logfile in realtime
>> (when used with "tail -f ..").
>> After a few days that we have been attacked by spambots I got curious
>> how to avoid these things in the future. The script we use is able to
>> count the denied connections per IP and, if desired, adds this IP to
>> the Firewall to reject incoming connections (brutal, I know). As the
>> firewalling is optional you might still be interested in it to run just
>> to see what's going on.
>>
>> It's written for BASH 3.0.15 but with a little change in the pattern
>> matcher it runs on higher versions too. To start it in live mode run it
>> like this:
>>
>>     tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>
>> and if you just want to scan some files and see what happened to this:
>>
>>     cat /var/log/qmail/smtp/* | qmail_parser.sh
>>
>> Since it's BASH it's not very good when it comes to performance but does
>> the trick well when used with "tail". Also it's not catching everything
>> (yet) since I was looking for only some very specific lines in the
>> logfile. Anyhow, try it out and tell me what you think - attached the
>> current script to this mail.
>>
>> Cheers,
>> Sebastian
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users