Sorry to say that I haven't had a chance to check out your script yet, 
Sebastian. :(

Speaking of colored and filtered qmail logfiles though, there's a nice 
'qmlog' script at qtp.qmailtoaster.com (part of the qmailtoaster-plus 
package). It allows easy viewing and searching of qmail (et al) logs. 
I'm wondering if your 'coloring and filtering' might be a nice 
enhancement to that script. Care to have a look into it?

Sebastian Grewe wrote:
> I totally forgot about that - but I am not using the script to block
> them forever, just to monitor qmail when a large amount of connections
> is coming in (which happens ever so often). Even so I did turn off
> the blocking feature since qmail handles it just fine and connections
> clear up after a while. I was just concerned that legitimate e-mail wouldn't
> be coming through - but since they try to resend if no connection could
> be established that's not a concern anymore.
> 
> So yeah, I use it to see what's being blocked and for what reason - even
> added whitelist matches now.
> 
> It's basically just colored and filtered output of your qmail logfiles now :D
> 
> Cheers,
> Sebastian
> 
> Otto Berger wrote:
>> you could also use fail2ban for that. You just have to specify a custom
>> rule ("filter") for the spamdyke-log output. Then the sender ip will be
>> released after a specified timeframe and not blocked forever ;).
>>
>> (IMHO it is still not a very good idea to block by firewall)
>>
>> Otto
>>
>> Sebastian Grewe wrote:
>>   
>>> Hey Guys,
>>>
>>> I have been working on a simple bash script that will read from its
>>> standard input and present some statistics from the logfile in realtime
>>> (when used with "tail -f .." ).
>>> After a few days that we have been attacked by spambots I got curious
>>> how to avoid these things in the future. The script we use is able to
>>> count the denied connections
>>> per IP and, if desired, adds this IP to the Firewall to reject incoming
>>> connections (brutal, I know). As the firewalling is optional you might
>>> still be interested in it to run just
>>> to see what's going on.
>>>
>>> It's written for BASH 3.0.15 but with a little change in the pattern
>>> matcher it runs on higher versions too. To start it in live mode run it
>>> like this:
>>>
>>>  tail -f /var/log/qmail/smtp/current | qmail_parser.sh
>>>
>>> and if you just want to scan some files and see what happened to this:
>>>
>>>  cat /var/log/qmail/smtp/* | qmail_parser.sh
>>>
>>> Since it's BASH it's not very good when it comes to performance but does
>>> the trick well when used with "tail". Also it's not catching everything
>>> (yet) since I was looking for only
>>> some very specific lines in the logfile. Anyhow, try it out and tell me
>>> what you think - attached the current script to this mail.
>>>
>>> Cheers,
>>> Sebastian
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>     


-- 
-Eric 'shubes'
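
The per-IP count of denied connections discussed in this thread, as an added example; it is not Sebastian's attached script, which is not reproduced here. The function names, the sample log lines and the assumed spamdyke line layout (a DENIED_<REASON> token followed later by "origin_ip: <IPv4>") are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: tally spamdyke DENIED_* lines per origin IP (monitoring only,
# no firewall changes). Assumed line layout, not taken from the thread:
#   <tai64n> spamdyke[pid]: DENIED_<REASON> from: .. to: .. origin_ip: <ip> ..

# denied_per_ip [THRESHOLD]: read log lines on stdin and print
# "count ip reason1,reason2" for every IP with >= THRESHOLD denials,
# busiest first. ALLOWED lines and lines without a valid IPv4 are skipped.
denied_per_ip() {
    awk -v min="${1:-1}" '
        / spamdyke\[[0-9]+\]: DENIED_/ {
            reason = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if (reason == "" && $i ~ /^DENIED_/) reason = $i
                if ($i == "origin_ip:") ip = $(i + 1)
            }
            # Log fields include sender-supplied text, so only accept a
            # dotted-quad as the key we count on.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            count[ip]++
            if (!((ip, reason) in seen)) {
                seen[ip, reason] = 1
                reasons[ip] = (reasons[ip] == "" ? reason : reasons[ip] "," reason)
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip, reasons[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation addresses, made-up timestamps).
sample_log() {
    cat <<'EOF'
@400000004a0c1e2b0a1b2c3d spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.com to: u@example.net origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0c1e2c0a1b2c3d spamdyke[2102]: ALLOWED from: b@example.org to: u@example.net origin_ip: 198.51.100.7 origin_rdns: mail.example.org auth: (unknown)
@400000004a0c1e2d0a1b2c3d spamdyke[2103]: DENIED_RBL_MATCH from: c@example.com to: u@example.net origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0c1e2e0a1b2c3d spamdyke[2104]: DENIED_RDNS_MISSING from: d@example.com to: v@example.net origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@400000004a0c1e2f0a1b2c3d spamdyke[2105]: DENIED_GRAYLISTED from: e@example.org to: u@example.net origin_ip: 203.0.113.5 origin_rdns: mx.example.org auth: (unknown)
EOF
}

# Show only IPs with at least two denials in the sample.
sample_log | denied_per_ip 2
```

For live monitoring the same function can sit at the end of the "tail -f" pipeline quoted above, although the totals are only printed when the input ends.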
