After checking out the code in that script I think it might be easier for me to just start on my script and extend its functionality to look for all lines in those logfiles instead of just spamdyke.
I will see what I can do.

Cheers,
Sebastian

Eric Shubert wrote:
> Sorry to say that I haven't had a chance to check out your script yet,
> Sebastian. :(
>
> Speaking of colored and filtered qmail logfiles though, there's a nice
> 'qmlog' script at qtp.qmailtoaster.com (part of the qmailtoaster-plus
> package). It allows easy viewing and searching of qmail (et al) logs.
> I'm wondering if your 'coloring and filtering' might be a nice
> enhancement to that script. Care to have a look into it?
>
> Sebastian Grewe wrote:
>
>> I totally forgot about that - but I am not using the script to block
>> them forever, just to monitor qmail when a large amount of connections
>> is coming in (which happens ever so often). Even so I did turn off
>> the blocking feature since qmail handles it just fine and connections
>> clear up after a while. I was just concerned that legitimate e-mail
>> wouldn't be coming through - but since they try to resend if no
>> connection could be established that's not a concern anymore.
>>
>> So yeah, I use it to see what's being blocked and for what reason - even
>> added whitelist matches now.
>>
>> It's basically just colored and filtered output of your qmail logfiles
>> now :D
>>
>> Cheers,
>> Sebastian
>>
>> Otto Berger wrote:
>>
>>> you could also use fail2ban for that. You just have to specify a custom
>>> rule ("filter") for the spamdyke-log output. Then the sender ip will be
>>> released after a specified timeframe and not blocked forever ;).
>>>
>>> (IMHO it is still not a very good idea to block by firewall)
>>>
>>> Otto
>>>
>>> Sebastian Grewe wrote:
>>>
>>>> Hey Guys,
>>>>
>>>> I have been working on a simple bash script that will read from its
>>>> standard input and present some statistics from the logfile in realtime
>>>> (when used with "tail -f .." ).
>>>> After a few days that we have been attacked by spambots I got curious
>>>> how to avoid these things in the future. The script we use is able to
>>>> count the denied connections per IP and, if desired, adds this IP to
>>>> the Firewall to reject incoming connections (brutal, I know). As the
>>>> firewalling is optional you might still be interested in it to run just
>>>> to see what's going on.
>>>>
>>>> It's written for BASH 3.0.15 but with a little change in the pattern
>>>> matcher it runs on higher versions too. To start it in live mode run it
>>>> like this:
>>>>
>>>> tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>>>
>>>> and if you just want to scan some files and see what happened to this:
>>>>
>>>> cat /var/log/qmail/smtp/* | qmail_parser.sh
>>>>
>>>> Since it's BASH it's not very good when it comes to performance but does
>>>> the trick well when used with "tail". Also it's not catching everything
>>>> (yet) since I was looking for only some very specific lines in the
>>>> logfile. Anyhow, try it out and tell me what you think - attached the
>>>> current script to this mail.
>>>>
>>>> Cheers,
>>>> Sebastian
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> spamdyke-users@spamdyke.org
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users