>> What is 'fail2ban'?
>
> Make Google your friend.
> http://www.fail2ban.org/wiki/index.php/Main_Page
Nice.
But I need to inform a client of my network as soon as I block him.
>> I would like to know if there is something of ready to use..
>>
>> Otherwise, I'm thinking to use awk to get IP and an header of a guilty
>> email to send to the responsible of that IP.
>>
>> #!/bin/sh
>> cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print
>> substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1,
>> length($16)-1) }' | awk ' BEGIN {
>> }
>> {
>> ip[$1] = $2;
>> }
>> END{
>> for (i in ip) {
>> print "echo " i " && gunzip -c /var/virusmails/" ip[i]
>> " | head -20";
>> }
>> }' | sh
>>
>> And run it as a cron job every night.
>>
>> At the moment I lack two things:
>>
>> 1) get only the headers of the emails (and not only the 20 starting
>> lines)
>
> This requires a parser. perl/python/php/C can do that more easily. but I
> am not sure what you are exactly trying to do? (I see the log parsing
> part, but not what you want to do with /var/virusmails).
Sorry, I give you some more insight on what I have done:
- $10 is the '[aaa.bbb.ccc.ddd]' string where aaa.bbb.ccc.ddd is the
sender ip
- $16 is the qurantined message relative to $QUARANTINEDIR
- /var/virusmails is the value of $QUARANTINEDIR
rocsca
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
