Rocco Scappatura wrote:
>>> from my amavid-new log I saw that a significant protion of spam is
>>> generated inside my network. Here the command:
>>>
>>> # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
>>>
>>> I have configured Postfix so that it lookups an IP for
>> client access
>>> to my SMTP gataway. If lookup is succesfull, that IP can
>> relay trough
>>> my server. Otherwise, the client is discarded, rejected or rejected
>>> with a 550 customized code.
>>>
>>> I'ld like to trigger an insert of an IP inside the lookup table as
>>> soon as the IP is flashed out of sending spam, with action REJECT.
>>>
>>> It is possible to do so? Or is a matter of Postfix?
>> you can parse logs. look for fail2ban and the like.
>
> What is 'fail2ban'?
Make Google your friend.
http://www.fail2ban.org/wiki/index.php/Main_Page
>
> I would like to know if there is something of ready to use..
>
> Otherwise, I'm thinking to use awk to get IP and an header of a guilty
> email to send to the responsible of that IP.
>
> #!/bin/sh
> cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print
> substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1,
> length($16)-1) }' | awk ' BEGIN {
> }
> {
> ip[$1] = $2;
> }
> END{
> for (i in ip) {
> print "echo " i " && gunzip -c /var/virusmails/" ip[i]
> " | head -20";
> }
> }' | sh
>
> And run it as a cron job every night.
>
> At the moment I lack two things:
>
> 1) get only the headers of the emails (and not only the 20 starting
> lines)
This requires a parser. perl/python/php/C can do that more easily. but I
am not sure what you are exactly trying to do? (I see the log parsing
part, but not what you want to do with /var/virusmails).
> 2) determine who I have to send the email
>
what do you want to send? ask for a contact list at every client, and
when there is a problem, post to this contact address.
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
