Am 30.05.2014 16:21, schrieb li...@rhsoft.net: > sorry for the more or less off-topic but i think > here are the people with most expierience > > what i would like to do is: > > * setup whatever software listeing on port 25 > * any IP connecting to that machine feed into > a dns-zone file for a DNSBL > > currently i have a stripped down CentOS6 listening > on all unsued IP's in a /24 network on standard > ports with xinedt answering to ping and response > with a dash-script "creep away" > > assuming that only infected machines part of a botnet > are trying to connect on random IP's to port 25 i would > say the same machines likely are used to spread spam > > so feed any connection to a automatically maintained > RBL may stop recent spam waves targeting the own network > long before the big RBL's react nad if you achive to > remove IP's on that auto-feeded RBL after 48 hours there > should be little to no bad impact
answering myself: a tiny, secure piece of software accepting connections on a specific port and write only the IP adress in a textfile would be enough as start the rest are some cron-scripts maintainingg a database with timestamp/IP, generate the PTR-zone for the RBL and reload whatever nameserver software using that zone file
