Re: Making a list of IPs that try relaying on my Postfix server
Re: Making a list of IPs that try relaying on my Postfix server
- Subject: Re: Making a list of IPs that try relaying on my Postfix server
- From: Bernardo Hoehl <email@hidden>
- Date: Fri, 19 Nov 2004 13:33:20 -0200
Hi David,
Thanks for posting.
This is the kind of trash I see on my Mail.Log:
Nov 19 09:03:59 correiofacil postfix/smtpd[2334]: 6D8BA43D5A: reject:
RCPT from tp242054.dynamic.seeder.net[202.129.242.54]: 554
<email@hidden>: Relay access denied;
from=<email@hidden> to=<email@hidden>
proto=SMTP helo=<200.222.105.45>
I have been adding rules manually to block guys like these, and the
occurrences have diminished after that.
Though my server won't relay, these lines still annoy me when I look at
them at my Mail.log. I just want to automate what I already do
manually.
Bernardo
==============================
On 19 Nov, 2004, at 12:56 PM, Wadson, David wrote:
Is your server an open relay that spammers are exploiting or do you
mean
that you want to block people sending spam to users on your server? If
they're relaying off your system, you should deal with that issue in
Postfix. It's not good to have your server operating as an open relay.
No
matter what Applescript, crontab and IPFW system you put into place,
spammers will be able to exploit your system. Plus, given that their IP
addresses will be constantly changing, you're just going to end up
with a
huge number of IPFW rules.
Look into SpamAssassin and Amavisd as well as Postfix's anti-spam
settings
for dealing with people sending spam to your system. A good source for
how
to implement some of that stuff is
http://www.geocities.com/scottlhenderson/spamfilter.html.
David Wadson
Systems Manager & Graphic Coordinator
The Chronicle-Journal
Thunder Bay, Ontario
----------
From: Bernardo Hoehl
Sent: Friday, November 19, 2004 9:43 AM
To: Applescript Users
Subject: Making a list of IPs that try relaying on my Postfix server
<<File: ATT194220.txt>>
Hi List,
I am working a new script to collect IP numbers from /var/log/mail.log
that try relaying SPAM on my server, put on a list and later add them
to
my IPFW rules. Maybe I will use separate scripts, one for making the
list,
and another for implementing the rules in IPFW, and Crontab for
actually
running both scripts periodically.
I am a bit confused at this moment, and would like to share my code
with
you (not fully functional at this moment).
I appreciate reading your comments, how you would approach the
problem.
Thanks,
Bernardo Hoehl
Rio de Janeiro - Brazil.
++++++++++++++++
property MyBockedList : ""
set numero to -1
repeat 100 times
try
set MaiLog to do shell script "tail " & numero & "
/var/log/mail.log"
set MyString to MaiLog --paragraph 1 of MaiLog
--display dialog MyString giving up after 1
if MyString contains "Relay access denied" then
--beep
set AppleScript's text item delimiters to the "["
set the item_list to every text item of MyString
set TheIpBlock to item 3 of the item_list
set AppleScript's text item delimiters to the "]"
set the item_list to every text item of TheIpBlock
set TheIp to item 1 of the item_list
tell me to activate
--display dialog MyBockedList giving up after 1
end if
set numero to numero - 1
if TheIp contains "." and MyBockedList does not contain
TheIp then
set MyBockedList to MyBockedList & TheIp & return
end if
end try
end repeat
return MyBockedList
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden