Hi Bill , I wrote a small VB program . ---------------------------------- Here is more details about the system.
I am using the KIWI syslog server software to send the logs to the SQL You can specify in IMAIL syslogs server ip address .(IF you run KIWI on the same machine ,you have to stop IMAIL syslog ) I have wrote a small Visual Basic Program which scan the SQL database for " ERR .... INVALID USER " lines every 2 min. And my little program Open a telnet connection to the firewall ADD the ip address to block . Then the program remove the ip address after 1 hour. On my firewall i wrote a global policie group to deny access to port 25 So the software add the ip address and specify that it belong to that group lls. I decided also to integrate DECLUDE JUNKMAIL with my firewall. For weight over 20 i will block for 1 hour For weight over 30 will block for 2 hour And so on. Rifat ----- Original Message ----- From: "Bill B." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 16, 2003 3:11 PM Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration Rifat, What software are you using to do the tarpitting? Are you running it on the same server as IMail, or on a separate box? Bill -----Original Message----- From: "Rifat Levis" Sent: Mon, 16 Jun 2003 02:01:45 +0300 Subject: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration People intersted in tarpitting and Declude firewall integration can read this. I just finished the tarpitting protection for my IMAIL server I am sending logs to the kiwi syslog server and forwarding it to SQL to analyse data When in a 2 min period a single ip send mail to more than 5 unknown account I am blocking the ip address on my netscreen firewall for 1 hour. The next step of this is to integrate Declude to the firewall I have 3 weight weight 10 warn weight 15 warn weight 20 delete Instead of deleting weight 20 i will forward it to an account to send data to SQL analyse it and then block it for 1 hour . NOTE : I am sure that KAMI will be interested :) Best Regards Rifat Levis --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
