Menu
01101110 01100101 01110100 01110111 01101111 01110010 01101011 01100001 01100100 01101101 01101001 01101110 01110100 01101111 01101111 01101100 01110011 00001101 00001010

Background

Manage Engine

Our readers provide the funding for our platform, and we may receive a commission when you make a purchase using the links on our site.

Using Watch-maillog To Reduce Spam Chatter

/ October 3, 2016 — Email

It is truly amazing how many resources are taken up on a server by other rogue boxes searching for an open relay, or simply sending dictionary attempts at finding local users. Watch-maillog is a perl script that uses IPtables to block mail servers that abuse your server. Watch-maillog helps with this by blocking servers that attempt to relay and do other bad things for varying amounts of time depending on the number of violations. You can get the script from here:
http://taz.net.au/postfix/scripts/

You do need to run the iptables command and create the SPAMMERS table first. Just add these lines to some file that you run from the watch-maillog script:

iptables -F SPAMMERS 2>/dev/null
iptables -X SPAMMERS 2>/dev/null
iptables -N SPAMMERS 2>/dev/null
iptables -I INPUT -j SPAMMERS

The watch-maillog script is simple enough that you could easily use this with a variety of systems. There is a related script called summarise-watchmaillog.sh. It shows the IP addresses, times they have been blocked, and the time they are being blocked for:

./summarise-watchmaillog.sh
84.98.44.68 x1 600
85.169.58.13 x1 600
85.201.100.215 x1 600
85.216.131.10 x1 600
85.50.128.44 x1 600
85.54.250.111 x1 600
85.64.11.165 x1 600
85.97.76.9 x1 600
201.137.93.176 x2 1200
68.44.53.75 x2 1200
69.8.184.1 x2 1200
81.220.22.93 x2 1200

Note that this script appears to have an error, at least with our version of uniq. The option in the script should be a small w, not a large W, and the option should be 16 instead of one:

sort -n -r | \
uniq -w 16 | \
sort $FINAL_SORT_ARGS

Information

About