hi all,
in the spirit of sharing ;)
here's a little script i just whipped up a few minutes ago.
assuming you're using Postfix and are subscribed to the Spamhaus DNSBL
(the *most* effective one, by the way) running this script will let you
give those spammers a little lovin' -- i mean, a little grief.
basically the script parses lines from /var/log/maillog looking for errors
caused by spamhaus-listed hosts connecting.
i noticed that the inveterate spammers listed in spamhaus will continue
connecting to your host even if you're rejecting them.
what this script does is dynamically add iptables entries to DROP their
packets on the floor. so if they try connecting again (after the first
time..) they'll hang forever. hehehe. :)
what would be NICE is to have a distributed worldwide network. and then when
a spamhaus-listed IP connects to you, you will initialize a distributed
ping flood on that IP, one flood per connect to you.
ah darn. that would've been a neat way to teach those spammers.. too bad i
don't have that worldwide network..
---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
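
#!/usr/bin/perl
# update iptables to add spamhaus IPs who connect to us
use strict;
use warnings;
use File::Tail;

my $filename = "/var/log/maillog";
my $file = File::Tail->new($filename) or die "cannot tail $filename";
my %bad_ips;    # IPs that already have a DROP rule

while (defined(my $line = $file->read)) {
    # capture only a dotted-quad address; the value ends up on a command line
    if ($line =~ / \[(\d{1,3}(?:\.\d{1,3}){3})\] blocked using sbl\.spamhaus\.org/i) {
        my $ip = $1;
        if (!defined($bad_ips{$ip})) {
            my @cmd = ("/sbin/iptables", "-t", "filter", "-A", "INPUT",
                       "-p", "tcp", "-s", $ip, "--syn", "-j", "DROP");
            # keep a record of every rule we add
            if (open(my $log, ">>", "/tmp/iptables.log")) {
                print $log join(" ", @cmd), "\n";
                close($log);
            }
            $bad_ips{$ip} = 1;
            # list form of system() runs iptables directly, with no shell
            system(@cmd) == 0 or warn "iptables failed for $ip\n";
        }
    }
}
exit;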
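
Added example, not part of the original post or its script: the same log match run over constructed maillog lines, showing why the bracketed field is validated before it reaches an iptables command line. The sample lines, the NEVER_BLOCK list and the function names are assumptions made for the illustration; the rules are only built, never executed.

```python
import ipaddress
import re

# Same anchor text as the script's pattern, but the bracketed field must be a dotted quad.
REJECT_RE = re.compile(
    r" \[(\d{1,3}(?:\.\d{1,3}){3})\] blocked using sbl\.spamhaus\.org", re.IGNORECASE)

# Assumption: networks that must never get a DROP rule (loopback, our own LAN).
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]

def listed_client(line):
    """Return the rejected client's IPv4Address, or None if the line does not qualify."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m.group(1))
    except ValueError:  # dotted quad with an octet above 255
        return None

def drop_rules(lines, never_block=NEVER_BLOCK):
    """Build one iptables argv list per distinct listed client; nothing is executed."""
    seen, rules = set(), []
    for line in lines:
        ip = listed_client(line)
        if ip is None or ip in seen or any(ip in net for net in never_block):
            continue
        seen.add(ip)
        # An argv list goes to the program as-is, so no shell ever parses the address.
        rules.append(["/sbin/iptables", "-t", "filter", "-A", "INPUT",
                      "-p", "tcp", "-s", str(ip), "--syn", "-j", "DROP"])
    return rules

# Constructed log lines (documentation addresses), not taken from a real maillog.
PREFIX = "Jan  1 00:00:01 mx postfix/smtpd[101]: reject: RCPT from unknown"
SAMPLE_LOG = [
    PREFIX + "[203.0.113.7]: 554 Service unavailable; [203.0.113.7] blocked using sbl.spamhaus.org",
    PREFIX + "[203.0.113.7]: 554 Service unavailable; [203.0.113.7] blocked using sbl.spamhaus.org",
    PREFIX + "[198.51.100.4]: 554 Service unavailable; [999.1.1.1] blocked using sbl.spamhaus.org",
    PREFIX + "[198.51.100.4]: 554 Service unavailable; [198.51.100.4; x] blocked using sbl.spamhaus.org",
    PREFIX + "[127.0.0.1]: 554 Service unavailable; [127.0.0.1] blocked using sbl.spamhaus.org",
    "Jan  1 00:00:02 mx postfix/smtpd[101]: connect from unknown[198.51.100.9]",
]

if __name__ == "__main__":
    for argv in drop_rules(SAMPLE_LOG):
        print(" ".join(argv))
```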