Here is the simplex script that I use to filter attacking sites. I should be easy to add your extra bits (email etc).
Cheers, Stephen #! /bin/sh d=`date +"%b %d"` grep "$d" /var/log/mail/info.log|grep ruleset=check_rcp | gawk '{split($0,q,/[\[\]]/);print "/sbin/iptables -A INPUT -s " q[4] "/32 -j DROP"}' | sort -u > /tmp/fw$$ #reset iptable to base /etc/rc.d/rc.fw > /dev/null 2>&1 #add new filter(s) . /tmp/fw$$ rm -f /tmp/fw$$ -- ============================================================================= Stephen Davies Consulting P/L Phone: 08-8177 1595 Adelaide, South Australia. Mobile:040 304 0583 Records & Collections Management.