Tue 20 Feb 2007
spamhammerd – give spammers the meathammer in real time
Original project URL:
Original code: Steve j. Kondik (shade at chemlab.org)
this code will monitor a postfix log and watch for
“550″errors (user unknown). after a threshold is reached, the ip generating the excessive errors will be added to the block list. spammers are sloppy and generally tend to blast everyone on their list at the same time.
This is mostly useless unless used on a high-volume server.
My tiny modifications…
Modified Feb 2007
Changes: Selective parsing to for use with combined logs (A single logfile with postfix, amavis, SPF)
Changed error from “550″ to “450″
Changes on the arrays numbers to match log fields.
Tested on Slackware Linux.
Added iptables blocking.
Apply the filter @ Postfix’s main.cf (spammers & spammers.db should be created by the script before reload postfix)
smtpd_client_restrictions = check_client_access hash:/etc/postfix/generated/spammers
Incoherencias parecidas y calificaciones a este post: