Hi all,
Recently we had a spam attack due to a compromised user. We are planning
on a script to prevent this by having an automatic tool to monitor the
qmail queue.
If the number of emails in the queue exceeds, say, 100, then open every email
in the queue, track the IPs and if any one is repeated

Hi Rajesh,
Have a look at the iptables module recent. It logs connections on the desired
ports, counting new connections in a table and, when a threshold is reached,
blocks the concerned IP.
Consider running a script that looks at the blocked IPs to resolve the problem
on the infected PC.
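
The queue check described in the first message, as an added example (not code from either poster): once the queue holds more than 100 messages, count the submitting IP of each one and report those that repeat. The Received layout, the function names, the `min_repeats` parameter and the sample messages are assumptions; the original post is cut off before it says what to do with a repeated IP, so this only reports the counts.

```python
import re
from collections import Counter
from email.parser import BytesHeaderParser

# Assumed shape of the line qmail-smtpd prepends:
#   Received: from unknown (HELO host) (192.0.2.10) by mx with SMTP; ...
IP_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def submitting_ip(raw_message):
    """Return the client IP from the topmost Received header that has one.

    Headers are prepended, so the topmost match is the one our own server
    wrote; lower Received lines are sender-controlled and can be forged.
    """
    headers = BytesHeaderParser().parsebytes(raw_message)
    for received in headers.get_all("Received", []):
        match = IP_IN_PARENS.search(str(received))
        if match:
            return match.group(1)
    return None  # locally injected mail has no network Received line

def repeated_senders(messages, queue_limit=100, min_repeats=2):
    """If the queue exceeds queue_limit, return [(ip, count)] for repeated IPs."""
    messages = list(messages)
    if len(messages) <= queue_limit:
        return []
    counts = Counter(ip for ip in map(submitting_ip, messages) if ip)
    return [(ip, n) for ip, n in counts.most_common() if n >= min_repeats]

def sample_message(ip):
    # Constructed message, not taken from a real queue.
    return (
        b"Received: (qmail 4242 invoked from network); 1 Jan 2024 00:00:00 -0000\r\n"
        b"Received: from unknown (HELO pc.example) (" + ip.encode() + b")\r\n"
        b"  by mx.example with SMTP; 1 Jan 2024 00:00:00 -0000\r\n"
        b"Received: from forged (HELO x) (203.0.113.99) by y with SMTP\r\n"
        b"Subject: test\r\n\r\nbody\r\n"
    )

if __name__ == "__main__":
    queue = [sample_message("192.0.2.10")] * 90 + [sample_message("198.51.100.7")] * 15
    queue.append(sample_message("198.51.100.8"))
    for ip, n in repeated_senders(queue):
        print(ip, n)
```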