Hi there, On Thu, 24 Mar 2011, der Mouse wrote:
> >> Could something like the system that keeps track of pool server > >> quality be setup to collect data on abusive clients? > > > > I'd like to see it happen, but personally I don't have any time to > > build it. > > I do have the time to build it, at least an initial proof-of-concept If it's of any use, we have something very vaguely similar which we've scripted for our mail clients. We use syslog-ng to pipe our mail logs through a Perl script, which uses ipsets and iptables to block abusive mail clients on the fly according to a set of rules. The rules and results of their application are stored in a MySQL database, and can also be logged to text files. There's a white/green/grey/blacklist facility, also using tables in the database, which is fairly flexible. It uses an IP to country map for some of the blacklisting and logging. The database tables holding blacklists etc. are maintained manually. The syslog-ng configuration is trivial, the script is about 800 lines of easy Perl. There are something like 15 database tables. You would probably want to trim a lot of bloat, quite a chunk of the code would be of no use because it concerns the comparison of strings in mail log output with those in the various lists, but the essential functionality is there. It's been running on our fairly lightly loaded mail servers for some years, and to date has blocked about 70,000 abusive ip ranges. There's negligible load on the servers from all this. If you think it might save you any time, you're welcome to it. There are of course no guarantees expressed or implied. :) > ... is this list an appropriate place ... ? FWIW I'd like to read the discussion. This is normally a quiet list. :) -- 73, Ged. _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
