You could also use fail2ban for that. You just have to specify a custom
rule (filter) for the spamdyke-log output. Then the sender IP will be
released after a specified timeframe and not blocked forever ;).
(IMHO it is still not a very good idea to block by firewall)
Otto
Sebastian Grewe
I totally forgot about that - but I am not using the script to block
them forever, just to monitor qmail when a large amount of connections
is coming in (which happens ever so often). Even so I did turn off
the blocking feature since qmail handles it just fine and connections
clear up after a
Sorry to say that I haven't had a chance to check out your script yet,
Sebastian. :(
Speaking of colored and filtered qmail logfiles though, there's a nice
'qmlog' script at qtp.qmailtoaster.com (part of the qmailtoaster-plus
package). It allows easy viewing and searching of qmail (et al)
Hey Eric,
As I understand it qmlog is just a tool to find a specific logfile entry if
you are looking for certain times where a connection has been made.
My script is just checking for spamdyke output, and only specific output
at that. I also am using a while loop to read the lines in instead of
After checking out the code in that script I think it might be easier
for me to just start on my script and extend its functionality to look
for all lines in those logfiles instead of just spamdyke.
I will see what I can do.
Cheers,
Sebastian
Eric Shubert wrote:
Sorry to say that I haven't
Thanks. I'm sure you'll keep us posted! :)
Sebastian Grewe wrote:
After checking out the code in that script I think it might be easier
for me to just start on my script and extend its functionality to look
for all lines in those logfiles instead of just spamdyke.
I will see what I can do.
Sure will, so here we go.
Attached a modified qmlog script that can be run with the -c option
to add colored output for most log entries in Qmail Toaster. If something
is missing or doesn't match correctly it will have the FIXME tag before
the line.
When running in color mode less output will
Hey Guys,
I have been working on a simple bash script that will read from its
standard input and present some statistics from the logfile in realtime
(when used with tail -f .. ).
After a few days that we have been attacked by spambots I got curious
how to avoid these things in the future.
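
The kind of stdin statistics discussed in this thread, as an added example (it is not Sebastian's script or the modified qmlog): a shell function that tallies spamdyke rejections per client IP. The log layout (`spamdyke[PID]: DENIED_<REASON> ... origin_ip: <ip> ...`) and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Tally spamdyke rejections per client IP from log lines on standard input.
# Assumed line layout (not shown in the thread):
#   <timestamp> spamdyke[PID]: DENIED_<REASON> from: .. to: .. origin_ip: A.B.C.D ..
# Output: "count ip most_frequent_reason", busiest IP first.
spamdyke_denied_by_ip() {
    awk '
        / spamdyke\[[0-9]+\]: DENIED_/ {
            ip = ""; reason = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DENIED_/) reason = $i
                if ($i == "origin_ip:" && i < NF) ip = $(i + 1)
            }
            # Skip lines whose origin_ip value is not a dotted quad.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            total[ip]++
            per[ip SUBSEP reason]++
        }
        END {
            for (ip in total) {
                best = ""; n = 0
                for (k in per) {
                    split(k, p, SUBSEP)
                    if (p[1] != ip) continue
                    # Highest count wins; ties go to the alphabetically first reason.
                    if (per[k] > n || (per[k] == n && p[2] < best)) {
                        best = p[2]; n = per[k]
                    }
                }
                printf "%d %s %s\n", total[ip], ip, best
            }
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, made-up PIDs).
sample_log() {
    cat <<'EOF'
@400000004b0c1a2b1e8f3a44 spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004b0c1a2c0a11b2c4 spamdyke[2102]: DENIED_RBL_MATCH from: b@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004b0c1a2d2f00aa14 spamdyke[2103]: DENIED_RDNS_MISSING from: c@example.net to: user@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004b0c1a2e11c3d0f4 spamdyke[2104]: ALLOWED from: d@example.com to: user@example.org origin_ip: 198.51.100.7 origin_rdns: mail.example.com auth: (unknown)
@400000004b0c1a2f3b9ac124 spamdyke[2105]: DENIED_GRAYLISTED from: e@example.com to: user@example.org origin_ip: 198.51.100.7 origin_rdns: mail.example.com auth: (unknown)
@400000004b0c1a3005d2e334 tcpserver: status: 3/100
EOF
}
```

For a live view, pipe a window of recent lines through it, for example `tail -n 500 <smtp log> | spamdyke_denied_by_ip`, and rerun periodically; the function only prints once its input ends.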