This script is awesome, and does exactly what I wanted. I can set the filename to what I want, and schedule it to run as often as I need, which automates the process very nicely.
I'm glad someone understood what I was trying to accomplish; the situation has absolutely nothing to do with accepting or refusing messages and everything to do with how the system responds to these trap addresses.

-Don

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
Sent: Tuesday, February 12, 2008 7:52 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] Using large list for Penalty Trap addresses

Donald Brooks wrote:
> I have one particular domain on my mail server that gets a LOT of brute
> force address harvesting attempts. Over time, I noticed that most of the
> usernames are repeated over time, usually within a few days.
>
> I've come up with what I think is a decent defense against it, so I
> thought I would share, and would like some input if there may be a
> better way, or any improvements to be made. Here's what I've done:
>
> Take a complete 7 day maillog file, and use grep to extract all the
> lines containing 'invalid address rejected:'
>
> Using Excel I made columns separated at the : and the @ which gives me
> one column with only the user names of the offending addresses.
>
> You could use the uniq command, to filter out duplicate entries,
> although I haven't for this initial test.
>
> I dumped all this to a text file called invalid.txt in my assp
> directory.
>
> I then changed the Penalty Trap Address (spamtrapaddresses) value to
> file:invalid.txt

I wrote a script that automates that some time ago.
http://scripts.asspsmtp.org/invalidAddresses2PenaltyTrap.zip

Just change the paths and set the minCount to what you want and you should be good to go.

> Perhaps something similar could be incorporated into future releases?

Probably not.

Kevin
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
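The manual procedure from the thread (grep the maillog, cut out the user names, de-duplicate, write the list) as an added shell example; it is not part of the original messages and is not the invalidAddresses2PenaltyTrap script linked above. The log line layout, the function names `build_trap_list` and `write_sample_log`, and the domain `example.com` are assumptions, and the count threshold plays the role of the minCount setting mentioned in the reply.

```shell
#!/bin/sh
# Added example (not Kevin's script). Assumed log format: the rejected
# address is the first token after "invalid address rejected:".

# build_trap_list LOGFILE DOMAIN MINCOUNT
# Prints the local parts rejected at least MINCOUNT times for DOMAIN.
build_trap_list() {
    grep -F 'invalid address rejected:' "$1" |
    awk -v m='invalid address rejected:' -v dom="$2" -v min="$3" '
    BEGIN { dom = tolower(dom) }
    {
        split(substr($0, index($0, m) + length(m)), f, " ")
        addr = tolower(f[1])
        gsub(/[<>]/, "", addr)              # tolerate <user@domain>
        at = index(addr, "@")
        if (at < 2 || substr(addr, at + 1) != dom) next
        user = substr(addr, 1, at - 1)
        # Local parts are sender-supplied; keep only a conservative charset
        # so nothing unexpected lands in a file the filter reads as config.
        if (user !~ /^[a-z0-9._+-]+$/) next
        count[user]++                       # case-folded, so Sales == sales
    }
    END { for (u in count) if (count[u] >= min) print u }' |
    LC_ALL=C sort
}

# Constructed sample log lines (illustrative, not from a real server).
write_sample_log() {
    cat <<'EOF'
Feb-10-08 03:12:01 198.51.100.7 invalid address rejected: sales@example.com
Feb-10-08 03:12:02 198.51.100.7 invalid address rejected: Sales@Example.com
Feb-10-08 03:12:03 198.51.100.7 invalid address rejected: info@example.com
Feb-11-08 09:40:10 203.0.113.9 invalid address rejected: info@example.com
Feb-11-08 09:40:11 203.0.113.9 invalid address rejected: jsmiht@example.com
Feb-11-08 09:40:12 203.0.113.9 invalid address rejected: admin@other.example
Feb-11-08 09:40:13 203.0.113.9 invalid address rejected: admin@other.example
Feb-11-08 09:40:14 203.0.113.9 invalid address rejected: a|b.*@example.com
Feb-11-08 09:40:15 203.0.113.9 invalid address rejected: a|b.*@example.com
Feb-11-08 09:41:00 203.0.113.9 message proxied for bob@example.com
EOF
}

log=$(mktemp)
write_sample_log > "$log"
build_trap_list "$log" example.com 2
rm -f "$log"
```

Redirect the output of `build_trap_list` to invalid.txt to get the file referenced by `file:invalid.txt`. A threshold above 1 keeps a single mistyped address (here `jsmiht`) from becoming a trap.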
