Sorry to say that I haven't had a chance to check out your script yet, Sebastian. :(
Speaking of colored and filtered qmail logfiles though, there's a nice 'qmlog' script at qtp.qmailtoaster.com (part of the qmailtoaster-plus package). It allows easy viewing and searching of qmail (et al) logs. I'm wondering if your 'coloring and filtering' might be a nice enhancement to that script. Care to have a look into it?

Sebastian Grewe wrote:
> I totally forgot about that - but I am not using the script to block
> them forever, just to monitor qmail when a large amount of connections
> is coming in (which happens ever so often). Even so I did turn off
> the blocking feature since qmail handles it just fine and connections
> clear up after a while. I was just concerned that legitimate e-mail
> wouldn't be coming through - but since they try to resend if no
> connection could be established that's not a concern anymore.
>
> So yeah, I use it to see what's being blocked and for what reason - even
> added whitelist matches now.
>
> It's basically just colored and filtered output of your qmail logfiles
> now :D
>
> Cheers,
> Sebastian
>
> Otto Berger wrote:
>> you could also use fail2ban for that. You just have to specify a custom
>> rule ("filter") for the spamdyke-log output. Then the sender ip will be
>> released after a specified timeframe and not blocked forever ;).
>>
>> (IMHO it is still not a very good idea to block by firewall)
>>
>> Otto
>>
>> Sebastian Grewe wrote:
>>
>>> Hey Guys,
>>>
>>> I have been working on a simple bash script that will read from its
>>> standard input and present some statistics from the logfile in realtime
>>> (when used with "tail -f .." ).
>>> After a few days that we have been attacked by spambots I got curious
>>> how to avoid these things in the future. The script we use is able to
>>> count the denied connections per IP and, if desired, adds this IP to
>>> the Firewall to reject incoming connections (brutal, I know).
>>> As the firewalling is optional you might still be interested in it to
>>> run just to see what's going on.
>>>
>>> It's written for BASH 3.0.15 but with a little change in the pattern
>>> matcher it runs on higher versions too. To start it in live mode run it
>>> like this:
>>>
>>>     tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>>
>>> and if you just want to scan some files and see what happened to this:
>>>
>>>     cat /var/log/qmail/smtp/* | qmail_parser.sh
>>>
>>> Since it's BASH it's not very good when it comes to performance but does
>>> the trick well when used with "tail". Also it's not catching everything
>>> (yet) since I was looking for only some very specific lines in the
>>> logfile. Anyhow, try it out and tell me what you think - attached the
>>> current script to this mail.
>>>
>>> Cheers,
>>> Sebastian
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

--
-Eric 'shubes'
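
The per-IP counting of denied connections described in the thread, as an added example for monitoring only (it is not Sebastian's attached script, which is not reproduced on this page). The log line layout (`spamdyke[PID]: VERDICT ... origin_ip: IP`), the sample lines and the function names are assumptions constructed for illustration:

```bash
#!/bin/sh
# Added example: count spamdyke denials per client IP from log lines on stdin.
# Assumed line layout (constructed): "<ts> spamdyke[PID]: <VERDICT> ... origin_ip: <IP> ..."

# Per-IP, per-reason denial counts: "<count> <ip> <reason>", highest count first.
denied_by_ip() {
  awk '
    {
      verdict = ""; ip = ""
      for (i = 1; i < NF; i++) {
        if ($i ~ /^spamdyke\[[0-9]+\]:$/) verdict = $(i + 1)
        else if ($i == "origin_ip:")      ip = $(i + 1)
      }
      # Lines from other programs, and ALLOWED verdicts, are skipped.
      if (ip != "" && verdict ~ /^DENIED_/) n[ip " " verdict]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2 -k3,3
}

# IPs whose total denials reach the threshold given as $1: "<total> <ip>".
# Report only; nothing is added to a firewall.
noisy_ips() {
  denied_by_ip | awk -v min="$1" '
    { total[$2] += $1 }
    END { for (ip in total) if (total[ip] >= min) print total[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, made-up timestamps).
sample_log() {
  cat <<'EOF'
@400000004a1c0f2a0d3b1c44 tcpserver: status: 3/40
@400000004a1c0f2b01a2b3c4 spamdyke[2101]: DENIED_RBL_MATCH from: a@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a1c0f2c01a2b3c4 spamdyke[2102]: DENIED_RBL_MATCH from: b@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a1c0f2d01a2b3c4 spamdyke[2103]: DENIED_RDNS_MISSING from: c@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a1c0f2e01a2b3c4 spamdyke[2104]: ALLOWED from: friend@example.com to: user@example.org origin_ip: 198.51.100.7 origin_rdns: mail.example.com auth: (unknown)
@400000004a1c0f2f01a2b3c4 spamdyke[2105]: DENIED_RDNS_MISSING from: d@example.net to: user@example.org origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown)
EOF
}

# Demo on the sample; for real logs, pipe them into denied_by_ip instead.
sample_log | denied_by_ip
sample_log | noisy_ips 2
```
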