I have a script written in VBS which imports the ERR rejections in the logfile to a MySQL table, dividing everything into 288 five-minute segments (for a total of 24 hours).
Wow, why be so complicated?? That's complete overkill. K.I.S.S.!!
Once an hour, run a script that processes the log file:
1. greps the log for /smtpd.*err.*invalid user/,
2. awk's out field 6, and strips the []
3. sort -f | uniq -ic
4. awk for field 1 being greater than 10 (or whatever)
That's almost a Unix one-liner (and no SQL database sideshow), except for:
The problem with IMail logs is that the PTR/unknown info is not logged with the IP, so if you want to be cautious and block only IPs with 1) no PTR and 2) x number of rejects to unknown users, your script has the work of doing the PTR queries.
Due to the wide range of IPs participating, I find it less and less useful to do the above harvesting.
And a huge % of such crap is from subscriber networks world-wide WITH PTR. And you get a lot of backscatter from legit mailservers participating in joe-jobs.
Len
_____________________________________________________________________ http://MenAndMice.com/DNS-training : Denver; NYC; San Jose http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
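
The hourly harvest outlined in the reply above (steps 1 to 4, plus the PTR condition), as an added shell example that is not part of the original post. The log layout is constructed so that field 6 is the bracketed IP; the function names, the `-i` on grep and the use of `dig` for PTR lookups are assumptions.

```shell
#!/bin/sh
# Added example. The sample log layout is constructed, NOT real IMail output.

# Steps 1-4: count "invalid user" rejects per IP, print IPs above the threshold.
# usage: noisy_senders LOGFILE THRESHOLD
noisy_senders() {
    grep -i 'smtpd.*err.*invalid user' "$1" |              # step 1 (-i is an assumption)
        awk '{ gsub(/\[|\]/, "", $6)                       # step 2: field 6, strip []
               if ($6 ~ /^[0-9.]+$/) print $6 }' |         # skip lines with another layout
        sort -f | uniq -ic |                               # step 3
        awk -v min="$2" '$1 > min { print $2 }'            # step 4
}

# The PTR query the log does not record. Needs DNS; dig is an assumption.
# Diagnostic lines (starting with ';') do not count as a PTR answer.
has_ptr() {
    dig +short -x "$1" </dev/null 2>/dev/null | grep -qv '^;'
}

# Cautious variant: over the threshold AND no PTR record.
# usage: block_candidates LOGFILE THRESHOLD
block_candidates() {
    noisy_senders "$1" "$2" | while read -r ip; do
        has_ptr "$ip" || echo "$ip"
    done
}

# Constructed sample log: 12, 11 and 3 rejects from three documentation IPs.
write_sample_log() {
    : > "$1"
    for spec in 192.0.2.10:12 198.51.100.7:11 203.0.113.5:3; do
        ip=${spec%:*}; n=${spec#*:}; i=0
        while [ "$i" -lt "$n" ]; do
            echo "1114 10:15:02 smtpd (0a1f) rcpt [$ip] err invalid user u$i@example.com" >> "$1"
            i=$((i + 1))
        done
    done
    echo "1114 10:16:00 smtpd (0a20) rcpt [203.0.113.5] ok delivered" >> "$1"
}

# Offline demo: list the IPs with more than 10 rejects (no DNS involved).
log=$(mktemp)
write_sample_log "$log"
noisy_senders "$log" 10
rm -f "$log"
```

`block_candidates` performs one reverse lookup per IP that passes the threshold, so the DNS cost stays proportional to the offenders rather than to the log size.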
