Hi List!
New viruses, spam, etc. are smarter than most anti-spam/virus techniques
nowadays.
I am facing some kind of trojans that infect many clients' computers with
broadband connections, and start sending a lot of emails to yahoo.com.tw or
tiscali.it, for example.
Running a couple of IMGates, I wonder if someone has any script that can
easily detect the infected IP (non-voluntary spammer) so we can delete
that garbage.
For example, I do:
grep 'client=unknown\[ip.ad.dr.es' /var/log/maillog | awk -F: '{print $4}' |
./one_line_q.pl | cut -d " " -f 2 | postsuper -d -
once I have the ip.ad.dr.es. And, yeah, that deletes ALL emails from this IP
in the queue.
So,
Question 1 is: How to get the ip.ad.dr.es without waiting for the 'pflogsumm'
daily report, and
Question 2: Is there a way to raise Postfix self-defense to avoid a spam-storm
from the 'inside'? ANVIL maybe?
TIA
Andres.-
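
For Question 1, an added example that is not part of the original post: two shell functions that read the Postfix log directly instead of waiting for the pflogsumm report. They assume smtpd writes one "QUEUEID: client=name[ip]" line per accepted message; the function names, the threshold argument and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes syslog lines of the form
#   ... postfix/smtpd[PID]: QUEUEID: client=name[ip]
# which smtpd writes once per message it accepts into the queue.

# top_clients MIN [LOGFILE...]: print "<count> <ip>" for every client with at
# least MIN accepted messages, busiest first. Reads stdin if no file is given.
top_clients() {
    min=$1; shift
    awk -v min="$min" '
        /postfix\/smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
            rest = substr($0, index($0, "client=") + 7)
            o = index(rest, "["); c = index(rest, "]")
            if (o > 0 && c > o) count[substr(rest, o + 1, c - o - 1)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# queue_ids_for IP [LOGFILE...]: print the queue ID of each message accepted
# from IP, one per line (the input format "postsuper -d -" reads on stdin).
queue_ids_for() {
    ip=$1; shift
    awk -v want="[$ip]" '
        /postfix\/smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
            rest = substr($0, index($0, "client=") + 7)
            o = index(rest, "["); c = index(rest, "]")
            if (o > 0 && c > o && substr(rest, o, c - o + 1) == want) {
                id = substr($0, index($0, "]: ") + 3)
                print substr(id, 1, index(id, ":") - 1)
            }
        }
    ' "$@"
}

# Constructed sample log lines (addresses are from documentation ranges).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mx1 postfix/smtpd[2101]: 4F2A81C0D3: client=unknown[192.0.2.10]
Mar  3 10:15:01 mx1 postfix/smtpd[2102]: connect from mail.example.org[198.51.100.7]
Mar  3 10:15:02 mx1 postfix/smtpd[2102]: 5A1B92D0E4: client=mail.example.org[198.51.100.7]
Mar  3 10:15:02 mx1 postfix/smtpd[2101]: 6C3DA3E1F5: client=unknown[192.0.2.10]
Mar  3 10:15:03 mx1 postfix/smtpd[2103]: 7D4EB4F206: client=unknown[192.0.2.10]
Mar  3 10:15:04 mx1 postfix/qmgr[900]: 7D4EB4F206: from=<a@example.com>, size=2048, nrcpt=1 (queue active)
EOF
}

sample_log | top_clients 3   # list clients with 3 or more accepted messages
```

On a live system, pass the log file as the last argument, for example top_clients 200 /var/log/maillog, and review the list before feeding queue_ids_for output to postsuper -d -.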