Le Vendredi 24 Février 2006 20:18, Eric Fox a écrit :
> I do something similar to this. When I've rejected a message as known
> spam, a log entry is posted in maillog. I then use logsurfer to monitor
> maillog for these entries. Logsurfer parses out the IP and passes it on
> to a script that temporarily adds a blocking rule to the firewall, and
> comes back a while later to remove the rule.
>
> This could probably also be done from a router & transport combination as
> well. I used logsurfer because I was already using it for other purposes.
Hello,
I found the idea of relying on logs checker interesting and I followed it to
write "See you later".
Basically, it studies logs and expect to find the string ++BAN:IP++. If it
founds this, it stores it in a mysql database. And then, another script
update /etc/hosts.deny according to the database.
I did not spent time to work on integrating this more into Exim because
actually I prefer to have a rather simple exim setup, not embedding too much
things. And I was not prepared to spend time to write client/server model
like spamc/spamd to make something that truly scale - and starting perl new
process each time a spam is caught is a no go.
The drawback is the delay between the time the spam is caught and the actual
ban.
But so far it seems to work properly.
https://gna.org/projects/seeyoulater/
Regards,
--
Mathieu Roy
+
| Thalie : <http://yeupou.coleumes.org/>
| Clio : <http://clio.coleumes.org/>
| Euterpe : <http://crap.is.free.fr/>
| <http://kromaniaks.coleumes.org/>
+-----------------------------------------------------------+