|
|
 
It is truly amazing how many resources are taken up on a server by other rogue boxes searching for an open relay, or simply sending dictionary attempts at finding local users. Watch-maillog is a perl script that uses IPtables to block mail servers that abuse your server. Watch-maillog helps with this by blocking servers that attempt to relay and do other bad things for varying amounts of time depending on the number of violations. You can get the script from here:
http://taz.net.au/postfix/scripts/
You do need to run the iptables command and create the SPAMMERS table first. Just add these lines to some file that you run from the watch-maillog script:
iptables -F SPAMMERS 2>/dev/null
iptables -X SPAMMERS 2>/dev/null
iptables -N SPAMMERS 2>/dev/null
iptables -I INPUT -j SPAMMERS
|
The watch-maillog script is simple enough that you could easily use this with a variety of systems.
There is a related script called summarise-watchmaillog.sh. It
shows the IP addresses, times they have been blocked, and the time they are being blocked for:
./summarise-watchmaillog.sh
84.98.44.68 x1 600
85.169.58.13 x1 600
85.201.100.215 x1 600
85.216.131.10 x1 600
85.50.128.44 x1 600
85.54.250.111 x1 600
85.64.11.165 x1 600
85.97.76.9 x1 600
201.137.93.176 x2 1200
68.44.53.75 x2 1200
69.8.184.1 x2 1200
81.220.22.93 x2 1200
|
Note that this script appears to have an error, at least with our version of uniq. The option in the script should be a small w, not a large W, and the option should be 16 instead of one:
sort -n -r | \
uniq -w 16 | \
sort $FINAL_SORT_ARGS
|
|
|
