ANNOUNCE: mailwatch2rbl
Gareth
list-mailscanner at linguaphone.com
Sat Sep 22 07:52:58 IST 2007
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of Scott
> Silva
> Sent: 22 September 2007 00:05
> To: mailscanner at lists.mailscanner.info
> Subject: Re: ANNOUNCE: mailwatch2rbl
>
>
> Gareth spake the following on 9/21/2007 12:24 PM:
> > I have been chatting with Alistair Carmichael about a quick
> script he wrote
> > to extract a list of IP addresses out of the mailwatch database
> which have
> > only sent a number of spam emails and then automatically block them.
> >
> > I have now created something which seems to be fully functional
> at least for
> > me. Alistair had a problem where php did not like the database
> library I am
> > using but I have never seen this before and have used it on
> various boxes
> > with a very large range of php versions.
> >
> > You can read basically how it works and download the current
> release from
> > http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/
> >
> > The block table it generates is easy to use in Postfix and it can also
> > generate a file compatible with rbldnsd. I am not sure what exim and
> > sendmail can work with nativly but if someone would like to give me an
> > example I will enable it to generate compatible files for them aswell.
> >
> Sendmail access file is in the following format;
>
> ip address [tab] RFC message
> The hard part is expiring entries, not adding them. You can
> always cat them to
> the end of the file, but you need some magic to find an entry and
> remove it
> when the time limit is up.
My script stores the expiry date in the block table and expires any entries
from it every time the script is run. Any text files are regenerated every
time aswell.
>
> Here are a few generated by Vispan from my system;
>
> 85.118.111.254 550 5.5.0 No Spammers Allowed
> 58.225.149.228 550 5.5.0 No Spammers Allowed
> 218.240.114.209 550 5.5.0 No Spammers Allowed
> 69.147.64.37 550 5.5.0 No Spammers Allowed
> 68.142.201.96 550 5.5.0 No Spammers Allowed
> 129.41.237.74 550 5.5.0 No Spammers Allowed
>
> How about adding it to iptables?
I'll create another option where you can create any arbitary file that you
want so that will allow you to create a suitable file for sendmail and
postfix. I always create a temporary file first and I could check and only
move it over the top of the mail file if the contents are different. That
way I could implement a feature where a command could be run if the file
changes and this could be used to reload iptables etc...
More information about the MailScanner
mailing list