[ossec-list] Postfix rule

[Jorge Augusto Senger]

A postfix rule that I use on my ossec.
This is very useful for mail servers using black-lists for anti-spam.

postfix_rules.xml

------------------------------------------------------------------------

  <rule id="6010" level="5">
    <if_sid>6000</if_sid>
    <regex>blocked using cbl.abuseat.org</regex>
    <description>Blocked using cbl </description>
  </rule>
  <rule id="6011" level="5">
    <if_sid>6000</if_sid>
    <regex>blocked using bl.spamcop.net</regex>
    <description>Blocked using spamcop </description>
  </rule>
  <rule id="6061" level="10" frequency="$POSTFIX_FREQ" timeframe="45">
    <if_matched_sid>6011</if_matched_sid>
    <same_source_ip />
    <description>IP address black-listed (spamcop).</description>
  </rule>

------------------------------------------------------------------------


Jorge

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---