you could also use fail2ban for that. You just have to specify a custom
rule ("filter") for the spamdyke-log output. Then the sender ip will be
released after a specified timeframe and not blocked forever ;).(IMHO it is still not a very good idea to block by firewall) Otto Sebastian Grewe schrieb: > Hey Guys, > > I have been working on a simple bash script that will read from it's > standard input and presents some statistics from the logfile in realtime > (when used with "tail -f .." ). > After a few days that we have been attacked by spambots I got curious > how to avoid these things in the future. The script we use is able to > count the denied connections > per IP and, if desired, adds this IP to the Firewall to reject incoming > connections (brutal, I know). As the firewalling is optional you might > still be interested in it to run just > to see what's going on. > > It's written for BASH 3.0.15 but with a little change in the pattern > matcher it runs on higher versions too. To start it in live mode run it > like this: > > tail -f /var/log/qmail/smtp/current | qmail_parser.sh > > and if you just want to scan some files and see what happened to this: > > cat /var/log/qmail/smtp/* | qmail_parser.sh > > Since it's BASH it's not very good when it comes to performance but does > the trick well when used with "tail". Also it's not catching everything > (yet) since I was looking for only > some very specific lines in the logfile. Anyhow, try it out and tell me > what you think - attached the current script to this mail. > > Cheers, > Sebastian > > > ------------------------------------------------------------------------ > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
