I totally forgot about that - but I am not using the script to block
them forever, just to monitor qmail when a large amount of connections
is coming in (which happens ever so often). Even so I did turn off
the blocking feature since qmail handles it just fine and connections
clear up after a while. I was just concerned that legitimate e-mail wouldn't
be coming through - but since they try to resend if no connection could
be established that's not a concern anymore.

So yeah, I use it to see what's being blocked and for what reason - even
added whitelist matches now.

It's basically just colored and filtered output of your qmail logfiles now :D

Cheers,
Sebastian

Otto Berger wrote:
> you could also use fail2ban for that. You just have to specify a custom
> rule ("filter") for the spamdyke-log output. Then the sender ip will be
> released after a specified timeframe and not blocked forever ;).
>
> (IMHO it is still not a very good idea to block by firewall)
>
> Otto
>
> Sebastian Grewe wrote:
>   
>> Hey Guys,
>>
>> I have been working on a simple bash script that will read from its
>> standard input and present some statistics from the logfile in realtime
>> (when used with "tail -f .." ).
>> After a few days that we have been attacked by spambots I got curious
>> how to avoid these things in the future. The script we use is able to
>> count the denied connections
>> per IP and, if desired, adds this IP to the Firewall to reject incoming
>> connections (brutal, I know). As the firewalling is optional you might
>> still be interested in it to run just
>> to see what's going on.
>>
>> It's written for BASH 3.0.15 but with a little change in the pattern
>> matcher it runs on higher versions too. To start it in live mode run it
>> like this:
>>
>>  tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>
>> and if you just want to scan some files and see what happened to this:
>>
>>  cat /var/log/qmail/smtp/* | qmail_parser.sh
>>
>> Since it's BASH it's not very good when it comes to performance but does
>> the trick well when used with "tail". Also it's not catching everything
>> (yet) since I was looking for only
>> some very specific lines in the logfile. Anyhow, try it out and tell me
>> what you think - attached the current script to this mail.
>>
>> Cheers,
>> Sebastian
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>     
>   
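
The per-IP count of denied connections discussed in this thread, with the denial reasons and whitelist matches, can be reproduced with a short filter over standard input. This is an added example, not the script that was attached to the original mail; the spamdyke log line layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the script attached to the thread.
# Assumed spamdyke log shape:
#   ... spamdyke[PID]: DENIED_<REASON> from: <a> to: <b> origin_ip: <ip> ...

# Constructed sample lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
@4000000049d5c1a20f3a2b1c spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@4000000049d5c1a3112233aa spamdyke[2102]: DENIED_RBL_MATCH from: b@example.net to: u@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@4000000049d5c1a4223344bb spamdyke[2103]: DENIED_RBL_MATCH from: c@example.net to: u@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
@4000000049d5c1a5334455cc spamdyke[2104]: ALLOWED from: d@example.com to: u@example.org origin_ip: 203.0.113.5 origin_rdns: mail.example.com auth: (unknown)
@4000000049d5c1a6445566dd spamdyke[2105]: DENIED_RDNS_MISSING from: e@example.net to: u@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@4000000049d5c1a7556677ee spamdyke[2106]: DENIED_RBL_MATCH from: f@example.net to: u@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
@4000000049d5c1a8667788ff spamdyke[2107]: DENIED_GRAYLISTED from: d@example.com to: u@example.org origin_ip: 203.0.113.5 origin_rdns: mail.example.com auth: (unknown)
EOF
}

# summarize_denied THRESHOLD [WHITELIST_FILE]
# Reads log lines on stdin and prints "count ip reason[,reason...]" for every
# IP with at least THRESHOLD denials, busiest first. IPs listed one per line
# in WHITELIST_FILE are skipped. Nothing is blocked; this only reports.
summarize_denied() {
  awk -v min="${1:-1}" -v wl="${2:-/dev/null}" '
    BEGIN { while ((getline line < wl) > 0) if (line != "") white[line] = 1 }
    /spamdyke\[[0-9]+\]: DENIED_/ {
      ip = ""; reason = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^DENIED_/) reason = $i          # denial reason code
        if ($i == "origin_ip:") ip = $(i + 1)     # connecting address
      }
      if (ip == "" || (ip in white)) next
      count[ip]++
      if (!((ip, reason) in seen)) {              # record each reason once
        seen[ip, reason] = 1
        sep = (reasons[ip] == "") ? "" : ","
        reasons[ip] = reasons[ip] sep reason
      }
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip, reasons[ip] }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample: IPs with two or more denials.
sample_log | summarize_denied 2
```

For live use the same function can sit at the end of the `tail -f` pipeline shown in the quoted mail, but the summary only prints once the input ends, so it suits the `cat` form better.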
