-------- Original Message --------
> Date: Wed, 22 Aug 2007 19:08:31 +0000
> From: "Raj" <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: [dspam-users] blocking ips of spam source in firewall

> Hi
>
> i want to block the ips of spam sources immediately as soon as dspam
> detects them as spam
>
> dspam does log these ips correctly into my /var/log/maillog file so i
> know that things are working correctly
>
> on the linux console i use the following command to block an ip address
>
> /sbin/iptables -I INPUT -s 111.111.111.111 -j DROP
>

And how long do you want to block them?

> this code snippet below is from the dspam source, i.e. the dspam.c file in the
> src directory
>
> the variable called "ip" contains the ip address which is logged to the
> maillog file
>

You could misuse something like fail2ban (http://www.fail2ban.org/) to do that task instead of patching DSPAM. Another possibility would be to use RABL (http://www.zdziarski.com/projects/rabl/) and patch RABL to do the blocking and automatic unblocking.

> i understand that just a single line is required after the last line to
> execute the command but i am not sure of the C syntax
>
> can someone help me ?
>
> ###########
>
> int tracksource(DSPAM_CTX *CTX) {
>   char ip[32];
>
>   if (!dspam_getsource (CTX, ip, sizeof (ip)))
>   {
>     if (CTX->totals.innocent_learned + CTX->totals.innocent_classified > 2500) {
>       if (CTX->result == DSR_ISSPAM &&
>           _ds_match_attribute(agent_config, "TrackSources", "spam")) {
>         FILE *file;
>         char dropfile[MAX_FILENAME_LENGTH];
>         LOG (LOG_INFO, "spam detected from %s", ip);
>
>
> ###########
>
> thanks
> raj
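Added example (not part of the original message and not DSPAM's own code): one way to run the `iptables` command from the post out of C without handing the address to a shell. The address is checked with `inet_pton()` first, on the assumption that `ip` is derived from message headers and cannot be trusted; the function names `is_valid_ipv4`, `build_block_argv` and `block_ip` are hypothetical.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define IPTABLES_PATH "/sbin/iptables"  /* path used in the original post */

/* Return 1 only if `ip` is a plain dotted-quad IPv4 address.
 * inet_pton() rejects trailing text, whitespace and shell metacharacters. */
int is_valid_ipv4(const char *ip)
{
    struct in_addr addr;
    return ip != NULL && inet_pton(AF_INET, ip, &addr) == 1;
}

/* Fill argv[] (8 slots) for: iptables -I INPUT -s <ip> -j DROP.
 * Returns 0 on success, -1 if the address is rejected. */
int build_block_argv(const char *ip, const char *argv[8])
{
    if (!is_valid_ipv4(ip))
        return -1;
    argv[0] = IPTABLES_PATH;
    argv[1] = "-I"; argv[2] = "INPUT";
    argv[3] = "-s"; argv[4] = ip;
    argv[5] = "-j"; argv[6] = "DROP";
    argv[7] = NULL;
    return 0;
}

/* Insert the rule without a shell: each argument is passed to execv() as-is,
 * so nothing in `ip` is ever interpreted as a command.
 * Returns the exit status of iptables, or -1 on rejection or failure. */
int block_ip(const char *ip)
{
    const char *argv[8];
    int status;
    pid_t pid;

    if (build_block_argv(ip, argv) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(IPTABLES_PATH, (char *const *)argv);
        _exit(127);  /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A call such as `block_ip(ip);` would go after the `LOG` line in the quoted snippet; it needs root privileges to change firewall rules and does nothing about removing the rule later, which is the question raised in the reply.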
