After checking out the code in that script I think it might be easier
for me to just start on my script and extend its functionality to look
for all lines in those logfiles instead of just spamdyke.

I will see what I can do.

Cheers,
Sebastian

Eric Shubert wrote:
> Sorry to say that I haven't had a chance to check out your script yet, 
> Sebastian. :(
>
> Speaking of colored and filtered qmail logfiles though, there's a nice 
> 'qmlog' script at qtp.qmailtoaster.com (part of the qmailtoaster-plus 
> package). It allows easy viewing and searching of qmail (et al) logs. 
> I'm wondering if your 'coloring and filtering' might be a nice 
> enhancement to that script. Care to have a look into it?
>
> Sebastian Grewe wrote:
>   
>> I totally forgot about that - but I am not using the script to block
>> them forever, just to monitor qmail when a large amount of connections
>> is coming in (which happens ever so often). Even so I did turn off
>> the blocking feature since qmail handles it just fine and connections
>> clear up after a while. I was just concerned that legitimate e-mail wouldn't
>> be coming through - but since they try to resend if no connection could
>> be established that's not a concern anymore.
>>
>> So yeah, I use it to see what's being blocked and for what reason - even
>> added whitelist matches now.
>>
>> It's basically just colored and filtered output of your qmail logfiles now :D
>>
>> Cheers,
>> Sebastian
>>
>> Otto Berger wrote:
>>     
>>> you could also use fail2ban for that. You just have to specify a custom
>>> rule ("filter") for the spamdyke-log output. Then the sender ip will be
>>> released after a specified timeframe and not blocked forever ;).
>>>
>>> (IMHO it is still not a very good idea to block by firewall)
>>>
>>> Otto
>>>
>>> Sebastian Grewe wrote:
>>>   
>>>       
>>>> Hey Guys,
>>>>
>>>> I have been working on a simple bash script that will read from its
>>>> standard input and present some statistics from the logfile in realtime
>>>> (when used with "tail -f .." ).
>>>> After a few days that we have been attacked by spambots I got curious
>>>> how to avoid these things in the future. The script we use is able to
>>>> count the denied connections per IP and, if desired, adds this IP to
>>>> the Firewall to reject incoming connections (brutal, I know). As the
>>>> firewalling is optional you might still be interested in it to run just
>>>> to see what's going on.
>>>>
>>>> It's written for BASH 3.0.15 but with a little change in the pattern
>>>> matcher it runs on higher versions too. To start it in live mode run it
>>>> like this:
>>>>
>>>>  tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>>>
>>>> and if you just want to scan some files and see what happened to this:
>>>>
>>>>  cat /var/log/qmail/smtp/* | qmail_parser.sh
>>>>
>>>> Since it's BASH it's not very good when it comes to performance but does
>>>> the trick well when used with "tail". Also it's not catching everything
>>>> (yet) since I was looking for only some very specific lines in the
>>>> logfile. Anyhow, try it out and tell me what you think - attached the
>>>> current script to this mail.
>>>>
>>>> Cheers,
>>>> Sebastian
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> spamdyke-users@spamdyke.org
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>     
>>>>         
>
>
>   
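
Added example, not part of the thread and not the attached qmail_parser.sh: a batch counter of spamdyke denials per client IP, the statistic the original post describes. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise spamdyke rejections per client IP from stdin.
# Assumption: log lines look like
#   ... spamdyke[PID]: DENIED_<REASON> from: <s> to: <r> origin_ip: <ip> ...

# Constructed sample input (documentation addresses, made-up senders).
sample_log() {
  cat <<'EOF'
@400000004a0000000a000001 spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0000010a000002 spamdyke[2102]: DENIED_RDNS_MISSING from: b@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0000020a000003 spamdyke[2103]: DENIED_RBL_MATCH from: c@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0000030a000004 spamdyke[2104]: ALLOWED from: d@example.com to: user@example.org origin_ip: 198.51.100.7 origin_rdns: mail.example.com auth: (unknown)
@400000004a0000040a000005 spamdyke[2105]: DENIED_GRAYLISTED from: e@example.com to: user@example.org origin_ip: 203.0.113.5 origin_rdns: mx.example.com auth: (unknown)
@400000004a0000050a000006 tcpserver: status: 3/100
EOF
}

# denied_per_ip [MIN]
# Output: "<total> <ip> <reason> <count>", one line per IP/reason pair, for
# IPs with at least MIN denied connections; busiest IP first.
denied_per_ip() {
  awk -v min="${1:-1}" '
    {
      reason = ""; ip = ""
      for (i = 1; i < NF; i++) {
        # The result code is the token right after "spamdyke[PID]:".
        if (reason == "" && $i ~ /^spamdyke\[[0-9]+\]:$/) reason = $(i + 1)
        if (ip == "" && $i == "origin_ip:") ip = $(i + 1)
      }
      if (reason !~ /^DENIED_[A-Z_]+$/) next
      # Count only well-formed IPv4 values; skip anything else in the field.
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      total[ip]++
      pair[ip " " reason]++
    }
    END {
      for (k in pair) {
        split(k, part, " ")
        if (total[part[1]] >= min) print total[part[1]], k, pair[k]
      }
    }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Demo on the constructed sample: IPs with two or more denials.
sample_log | denied_per_ip 2
```

The summary is printed once input ends, so this form suits the `cat /var/log/qmail/smtp/*` style of run rather than `tail -f`.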
