On 16/04/10 23:33, John Fawcett wrote:
I've been using cbpolicyd to do rate limiting on submission port not
because I want to rate limit legitimate users, but to protect against
stolen credentials.
The approach of scanning the logfile that you outline, though not real
time like cbpolicyd would be almost as good if run often enough so
that the window in which spam could leak out was small.
So I have made a prototype (sorry but it's php not perl) that can
parse log files and write postfix access files. It does not do all you
wanted, for example the part about country lookups, though feasible
would not catch the case of stolen credentials from ips within the
same country. I have only implemented two limits: a limit on number of
authentications within a certain time frame and limit on the number of
different ips for a single user in the time frame. If either limit is
reached then the IP is blacklisted in an access file. Maybe it is
useful or you could extend it for your needs.
http://www.gufonero.com/postfix/check_auth_log_0.1.tgz
After customizing file locations and limits, you can schedule the
script to run from cron, but you need to also include the postmap of
the access file (makefile -f check_auth_log_makefile all) afterwards.
It assumes you use hash access files. Update of main.cf / master.cf is
needed to add in the check of the access map, e.g. for the submission
port. You'd probably also want a whitelist access file in front of
this to opt certain heavy users out of the check.
regards,
John
John, thanks so much for your interest. I just downloaded it. Tomorrow I
will be meeting my partner (he's the php guy) and we will take a look at
it. I'll certainly keep you posted of any developments.
Best regards,
Ignacio
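
The two limits John describes (authentications per user in a time frame, and distinct IPs per user in that time frame), sketched in Python as an added example; it is not part of the thread and is not the code in check_auth_log. The function names, the thresholds, the sample log, and the choice to list every IP a flagged user authenticated from are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line Postfix smtpd logs for each message accepted from an authenticated client.
AUTH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S*smtpd\[\d+\]: \w+: "
    r"client=\S*\[([0-9A-Fa-f.:]+)\], sasl_method=\S+, sasl_username=(\S+)$")

def parse(lines, year):
    """Yield (timestamp, ip, user); syslog stamps carry no year, so it is passed in."""
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def offenders(lines, now, window=timedelta(hours=1), max_auths=5, max_ips=3):
    """Map each IP to blacklist to the reason, applying both limits per user."""
    seen = defaultdict(list)
    for ts, ip, user in parse(lines, now.year):
        if now - window <= ts <= now:      # only the current time frame counts
            seen[user].append(ip)
    bad = {}
    for user, ips in seen.items():
        n_ips, n_auths = len(set(ips)), len(ips)
        if n_ips >= max_ips or n_auths >= max_auths:
            # Assumption: every IP the user authenticated from in the window is listed.
            for ip in set(ips):
                bad[ip] = f"{user}: {n_auths} auths from {n_ips} IPs"
    return bad

def access_map(bad):
    """Render access(5) lines for a hash table; run postmap on the file afterwards."""
    return "".join(f"{ip}\tREJECT\n" for ip in sorted(bad))

# Constructed sample log (documentation addresses, made-up users).
LINE = "Apr 16 {t} mx postfix/smtpd[811]: 4F2A1C0{n}: client=unknown[{ip}], sasl_method=PLAIN, sasl_username={u}\n"
SAMPLE = "".join(LINE.format(t=t, n=n, ip=ip, u=u) for n, (t, ip, u) in enumerate(
    [("22:10:01", "198.51.100.7", "alice"), ("22:12:40", "203.0.113.9", "alice"),
     ("22:15:03", "192.0.2.44", "alice"),     # third IP trips the distinct-IP limit
     ("22:20:00", "192.0.2.10", "bob")]       # ordinary user
    + [(f"22:3{i}:00", "192.0.2.77", "carol") for i in range(5)]   # trips the count limit
    + [(f"20:0{i}:00", "192.0.2.99", "dave") for i in range(5)]))  # outside the window

if __name__ == "__main__":
    print(access_map(offenders(SAMPLE.splitlines(), datetime(2010, 4, 16, 23, 0))), end="")
```

Entries older than the window drop out on the next run, so an IP stays blocked only while the log still shows it over a limit.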