On 01/10/16 10:37, Postfix User wrote:
> On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
>
>> This will pull these hackers off your maillog.
>> bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
>> sort iplist | uniq
> Great idea. I modified it slightly since the "sort" was not working
> correctly here. I make a bash script.

I use the "tail" command on the logfile, and rebuild periodically, so
the blacklisted entries die after a few days. And I also use "uniq -d"
so they are only blacklisted after the second "strike".

> IPLIST="/var/tmp/iplist.txt"
> MAILLOG="/var/log/maillog"
>
> if [[ -e ${IPLIST} ]]; then
>     rm ${IPLIST} &> /dev/null
> fi
>
> bzgrep -e auth=0/1 ${MAILLOG} | sed 's/.*\[\([^]]*\)\].*/\1/g' | sort -V |
> uniq > ${IPLIST}
>
> I think I will add the ability to create a table for IPFW also.

My entries go in the file postscreen_blacklist.cidr

Allen C
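
The approach described in the message above (tail of the log, "uniq -d" for a second strike, output to a postscreen CIDR table), sketched as an added example that is not part of the original thread. The function names, the 20000-line default, the "reject" action and the /32 and /128 suffixes are assumptions; the auth=0/1 pattern and the sed expression are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; function names and defaults are assumptions, not from the thread.

# Constructed sample log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
Sep 30 10:00:01 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/1 quit=1 commands=2/3
Sep 30 10:00:09 mx postfix/smtpd[2102]: disconnect from unknown[198.51.100.7] ehlo=1 auth=0/1 commands=1/2
Sep 30 10:01:13 mx postfix/smtpd[2103]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/1 quit=1 commands=2/3
Sep 30 10:02:00 mx postfix/smtpd[2104]: disconnect from mail.example.org[192.0.2.10] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 30 10:03:00 mx postfix/smtpd[2105]: disconnect from unknown[2001:db8::1] ehlo=1 auth=0/1 commands=1/2
Sep 30 10:03:30 mx postfix/smtpd[2106]: disconnect from unknown[2001:db8::1] ehlo=1 auth=0/1 commands=1/2
EOF
}

# stdin: Postfix log lines. stdout: one CIDR table entry per client with
# two or more failed-AUTH disconnects (the "second strike" rule).
strikes_to_cidr() {
    grep -e 'auth=0/1' |
    sed -n 's/.*\[\([^]]*\)\].*/\1/p' |
    LC_ALL=C sort |
    uniq -d |
    while IFS= read -r ip; do
        case "$ip" in
            ''|*[!0-9A-Fa-f:.]*) continue ;;        # not an address: skip
            *:*) printf '%s/128 reject\n' "$ip" ;;  # IPv6 client
            *.*) printf '%s/32 reject\n' "$ip" ;;   # IPv4 client
        esac                                        # bare PID etc.: no output
    done
}

# Rebuild OUT from the last N lines of LOG, so old offenders age out.
# Write to a temp file and rename, so a reader never sees a partial table.
rebuild_blacklist() {
    log=$1 out=$2 n=${3:-20000}
    tmp="$out.tmp.$$"
    tail -n "$n" "$log" | strikes_to_cidr > "$tmp" && mv "$tmp" "$out"
}
```

Run from cron as, for example, `rebuild_blacklist /var/log/maillog /path/to/postscreen_blacklist.cidr` (the target path is a placeholder).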