W B Hacker wrote:
> Marc Perkel wrote:
>
>> W B Hacker wrote:
>>
>>
>>> Marc Perkel wrote:
>>>
>>>
>>>
>>>> Some of you I'm srue are experts at this. I can probably get something
>>>> to work but I want to do it right. And it's fairly simple.
>>>>
>>>> What I want to do is create a simple client/server application where
>>>> clients running Exim can easily report IP addresses to the server.
>>>> The server will accept the IP addresses and execute a command to add the IP
>>>> address to a MySQL database and increment a counter. What I'm
>>>> specifically doing is counting spam/ham based on IP address. But - if I
>>>> can just receive the IP address I'll figure put how to process it.
>>>>
>>>> I have xinentd if that maes things easy.
>>>>
>>>> On the client side I want to in an efficient way be able to pass a
>>>> string containing the IP address to the server. Maybe talk to an open port?
>>>>
>>>> So - what's the simplest way to accomplish this?
>>>>
>>>>
>>>>
>>>>
>>> It seems you would want near-real-time posting of those IP.
>>>
>>> Since you said that your 'target' is a MySQL DB, you might want to simply use
>>> SQL to write them directly into the DB from within an acl.
>>>
>>> There are examples available in SQL greylisting code - not cut-and-paste usable,
>>> but which you should be able to readily adapt to your needs.
>>>
>>> An Exim MACRO from Toleff Fog Heen is illustrative of the 'INSERT' code concept:
>>>
>>> GRAYLIST_ADD = INSERT INTO relaytofrom (relay_ip, from_domain) \
>>> VALUES ( '${quote_mysql:$sender_host_address}', \
>>> '${quote_mysql:$sender_address_domain}')
>>>
>>> One might add timestamps and an autoincrementing 'serial' field, then a trigger
>>> on the count if MySQL has triggers Else PostgreSQL sells for the same price, and
>>> does have.
>>>
>>> Note that 'read' privileges are not enough, so make sure that any other SQL code
>>> is resistant to exploits that could modify the DB improperly.
>>>
>>> I suspect this would run faster if you used something simpler than an SQL DB.
>>>
>>>
>>>
>>>
>> Thanks Bill,
>>
>> I have that now - but what I want to do is give other people a simple
>> way to send me IP addresses in real time. I dont want to give the direct
>> access to my database and provide them with passwords and query strings.
>> What I want to do is to have them do something simple like write a
>> string to a port and I'll handle the processing on my end with something
>> that listens on that port, gets the string, and runs the MySQL on my end.
>>
>
> OK - 'manual' input, then.
>
> Opening a port might invite a DoS.
>
> A well-crafted form on a Web-page might be OK.
>
> Having them 'forward' the entire message to a dedicated address might be better,
> as you could vet it for accuracy, AND get more than just the IP out of it.
>
>
>> I have this new system working for me and I want to make it public. But
>> to do that I need to make it easy for people to send me their data.
>>
>
> I would be careful with 'public' there.
>
> Not everyone is equally qualified to even ID the correct IP from whence the
> problem has emanated - or if it is IP-persistent (think sporadic zombification
> of communities of WinBoxen on DHCP) - or if blocking an IP used
> once-in-a-great-while does more good than harm.
>
> Look at some of the contentious junk that has found it way into rfc-ignorant.
>
> For example, listing the entire .de .tld WHOIS as broken because it needs proper
> CLI tails to craft a whois inquiry when telnet'ed into - despite the fact that
> it DOES respond correctly to a proper 'whois' client. Go figure.
>
> This new tool of yours will probably only retain 'credibility' if you are very
> strict about what you allow into it.
>
> For the near-term, multiple-acl tests and near-real-time count incrementing on
> servers you control, can analyze and tune, is probably where that works best.
>
> A razor-style sharing comes later, IMNSHO.
>
>
>
>> I
>> think I have the server side of it working. Still testing. So what I
>> need now is an easy way for Exim to open a port and send a string to it.
>> Right now the best I have is running netcat (nc) but would like
>> something cleaner.
>>
>
> Have a look at the ways you can tune 'checkservice', then. A template that reads
> counter(s) or files published via http might be useful.
>
> Exim can append more (or LESS) than just entire messages to arbitrary files, not
> just to the default logs.
>
> Bill
>
>
>
I'm not looking for the load of sending whole messages. Those who will
be feeding it will be hand chosen by me ans will be given a secret host
and port to send it to and it will be set up to only accept from
specific hosts. But - I want to make it so that anyone can read it and
use it to filter spam. If this is sucessful then I hope some big service
will take it over and other people will do it right. I'm good at
starting things because I think outside the box. But once I get it going
then other can improve it and do it right.
