Hi to all! I made a simple script that scans sendmail log files, finds IPs from which several spam messages were received, and blocks them in the sendmail access file.
The background is as follows: Once I found that our MX was nearly down. Running top exposed a lot of spamd instances, consuming almost all CPU time. Examining maillog showed that one of our subscribers had sent about 4000 messages within approximately 15 minutes, and all of them were spam. I manually banned that subscriber in /etc/mail/access and informed their personnel about a possible zombie infection.

Now I have a script that runs from cron and instantly blocks hosts that have sent us more than some maximum number of spam messages within the last hour (or any duration of your choice). The script is available from http://sa-russian.narod.ru/block_spammers.bash

Understanding of some fundamentals of BASH scripting is expected. The only MTA supported is sendmail. Look at the comments inside the script to tailor it to your installation.

Best regards,
Alan M. Makoev
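The approach described in the post, as an added example (this is not the linked block_spammers.bash, whose contents are not reproduced here): spamd verdicts are joined to sendmail `from=` lines on the Message-ID to count spam per relay IP, and access-file entries are emitted for relays over a threshold. It assumes sendmail and spamd write to the same log and that the input has already been trimmed to the time window of interest; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; NOT the block_spammers.bash script from the post.
# Assumptions: sendmail and spamd log to the same file, and the input
# has already been cut down to the time window of interest.

# spam_relays MAX < maillog  ->  "ip count" for relays with > MAX spam
spam_relays() {
  awk -v max="$1" '
    # sendmail from= line: map Message-ID to the connecting relay IP
    / sendmail\[/ && /relay=/ && match($0, /msgid=<[^>]*>/) {
      mid = substr($0, RSTART + 6, RLENGTH - 6)
      rest = substr($0, index($0, "relay="))
      if (match(rest, /\[[0-9.]+\]/))       # IPv4 only in this sketch
        ip[mid] = substr(rest, RSTART + 1, RLENGTH - 2)
      next
    }
    # spamd verdict line: "result: Y" marks spam
    / spamd\[/ && /result: Y / && match($0, /mid=<[^>]*>/) {
      spam[substr($0, RSTART + 4, RLENGTH - 4)]++
    }
    # join at the end: the verdict may be logged before the from= line
    END {
      for (m in spam) if (m in ip) hits[ip[m]] += spam[m]
      for (a in hits) if (hits[a] > max) print a, hits[a]
    }' | sort
}

# access_entries MAX ACCESS_FILE < maillog  ->  new REJECT lines only
access_entries() {
  spam_relays "$1" | while read -r addr count; do
    awk -v a="$addr" '$1 == a || $1 == ("Connect:" a) { f = 1 }
      END { exit !f }' "$2" 2>/dev/null || printf '%s\tREJECT\n' "$addr"
  done
}

# Constructed sample log (documentation addresses, made-up queue IDs)
sample_log() {
  for i in 1 2 3; do
    echo "Jan 12 10:00:0$i mx spamd[300]: spamd: result: Y 21 - BAYES_99 scantime=1.0,size=900,mid=<s$i@zombie.example>,autolearn=spam"
    echo "Jan 12 10:00:0$i mx sendmail[200]: k0CA0${i}aa: from=<x@zombie.example>, size=900, nrcpts=1, msgid=<s$i@zombie.example>, proto=ESMTP, relay=dsl.zombie.example [192.0.2.10]"
  done
  echo "Jan 12 10:01:00 mx sendmail[201]: k0CA10bb: from=<y@ok.example>, size=500, nrcpts=1, msgid=<h1@ok.example>, proto=ESMTP, relay=mail.ok.example [198.51.100.7]"
  echo "Jan 12 10:01:01 mx spamd[301]: spamd: result: . 0 - scantime=0.5,size=500,mid=<h1@ok.example>,autolearn=ham"
  echo "Jan 12 10:02:00 mx sendmail[202]: k0CA20cc: from=<z@ok.example>, size=700, nrcpts=1, msgid=<p1@ok.example>, proto=ESMTP, relay=mail.ok.example [198.51.100.7]"
  echo "Jan 12 10:02:01 mx spamd[302]: spamd: result: Y 9 - URIBL_BLACK scantime=0.7,size=700,mid=<p1@ok.example>,autolearn=no"
}

sample_log | access_entries 2 /dev/null   # prints: 192.0.2.10<TAB>REJECT
```

After appending the output to /etc/mail/access, the map has to be rebuilt (for example with `makemap hash /etc/mail/access < /etc/mail/access`) before sendmail honours the new entries. Keeping your own relays and smart hosts out of the candidate list avoids blocking legitimate mail paths.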