Raj wrote, on 22-08-2007 21:08:
> i want to block the ips of spam sources immediately as soon as dspam detects
> them as spam

You have a problem, you're receiving too much spam. But you're thinking
of solving it with a redundant solution.

As Brandon points out, you'll be cutting off your nose to spite your
face. My site stops much stuff with greylisting and a huge amount by
using zen.spamhaus.org as one of two DNSBLs. The advantage of these is
that they are "transient", i.e. greylisting only temporarily stops
senders at the first attempt - most bots never try to send twice, whilst
rfc2821-compliant MTAs do. And ISPs give IP numbers of their networks
that should never send mail to spamhaus; those can always be revoked, if
necessary - and you as mailadmin don't have to do anything.

I monitor all mail on my server (1,500+ users) very closely and I'm
confident we don't have false positives with the above two measures.

Also, I use latest Postfix which itself has much anti-UCE stuff that I
also make use of.

Best,
--Tonni

> dspam does log these ips correctly into my /var/log/maillog file so i know
> that things are working correctly
>
> on the linux console i use the following command to block an ip address
>
> /sbin/iptables -I INPUT -s 111.111.111.111 -j DROP
>
> this code snippet below is from the dspam source ie dspam.c file in the src
> directory
>
> the variable called "ip" contains the ip address which is logged to the maillog
> file
>
> i understand that just a single line is required after the last line to execute
> the command but i am not sure of the C syntax
>
> can someone help me ?
>
> ###########
> int tracksource(DSPAM_CTX *CTX) {
>   char ip[32];
>   if (!dspam_getsource (CTX, ip, sizeof (ip)))
>   {
>     if (CTX->totals.innocent_learned + CTX->totals.innocent_classified > 2500) {
>       if (CTX->result == DSR_ISSPAM &&
>           _ds_match_attribute(agent_config, "TrackSources", "spam")) {
>         FILE *file;
>         char dropfile[MAX_FILENAME_LENGTH];
>         LOG (LOG_INFO, "spam detected from %s", ip);
> ###########
>
> thanks
> raj

--
Tony Earnshaw
Email: tonni at hetnet dot nl
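
The one-line call asked about in the quoted question, written out as an added example that is not part of this thread or of dspam's source: the `ip` string is assumed to come from message data, so it is parsed as a strict IPv4 literal and handed to iptables as an argument vector instead of being pasted into a shell command. The function names `build_drop_argv` and `drop_source` are hypothetical, and refusing loopback is an assumption added to avoid firewalling the host's own relay.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Validate `ip` and fill argv for "/sbin/iptables -I INPUT -s <ip> -j DROP".
 * Returns 0 on success, -1 if the address is refused. `canon` receives the
 * re-serialised address, so only bytes produced by inet_ntop() reach argv. */
int build_drop_argv(const char *ip, char canon[INET_ADDRSTRLEN], const char *argv[8])
{
    struct in_addr a;
    if (ip == NULL || inet_pton(AF_INET, ip, &a) != 1)
        return -1;                      /* not a plain dotted quad: refuse */
    uint32_t h = ntohl(a.s_addr);
    if ((h >> 24) == 127 || (h >> 24) == 0)
        return -1;                      /* never firewall loopback or 0.0.0.0/8 */
    if (inet_ntop(AF_INET, &a, canon, INET_ADDRSTRLEN) == NULL)
        return -1;
    argv[0] = "/sbin/iptables"; argv[1] = "-I"; argv[2] = "INPUT";
    argv[3] = "-s"; argv[4] = canon; argv[5] = "-j"; argv[6] = "DROP";
    argv[7] = NULL;
    return 0;
}

/* Run the rule without a shell. Returns iptables' exit status, or -1. */
int drop_source(const char *ip)
{
    char canon[INET_ADDRSTRLEN];
    const char *argv[8];
    int status;
    if (build_drop_argv(ip, canon, argv) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);  /* no shell, no word splitting */
        _exit(127);                           /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Rules inserted this way are permanent until removed by hand, unlike the transient greylisting and DNSBL checks described in the reply.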