Re: [AMaViS-user] Temporary blocking IP of virus senders

[mouss]

Keith Dunnett a écrit :
[EMAIL PROTECTED] wrote:
But I'm seeking automatic solution, to make IP addition to 
client_checks file and running postmap hash:client_checks afterwards.

If anyone have some script/solution for that matter I'd be glad to get 
one :)


The obvious solution is to parse your mail log for amavis notices (from 
cron) and generate iptables rules
on the fly. 

if you block at IP level, and if sender client is an MTA, it will retry. 
 so once the IP is remove from the BL, you'll get all those messages.

It's better to block after MAIL FROM stage.

To avoid listing ISPs, he could only list those clients wich name looks 
dynamic. for instance, restrict to when hostname matches /\d\d\d-\d/. (I 
am meaning to limit damages, not to say that this pattern implies a 
dynamic client. it is still possible to have an isp mailer named 
"outmail-212-3" if it's the 3d mailer for some "212" block...)


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/