On Sat, 2004-08-14 at 09:42, Sean Kennedy wrote: > Mark Turner wrote: > > >Is there any way to tie in qmail scanner/qmail and IPTables together so > >that if a spammer hammers your connection even though they are being > >denied, IPTables blocks them permanently or for a specified ammount of > >time? > > > 2 problems I could see: > > 1) The only way to modify the firewall is as root. So we have a > security concern there. How does a normal user add a rule to the firewall?
Add the IP address plus time to a file for each match Some cron job runs which reads this file, counts how many times that IP address has sent something 'bad', and if it is > x then it will add it to the iptables. It then checks IP Addresses that were added previously to see if they have 'timed-out'... Could also use MySQL or something instead of a flat-file... > 2) qmail-scanner is much like a web page in that something has to happen > before it can do anything. So if you have a low volume server, a rule > could go quite a niy longer than intended. As above, the cron job which runs on a regular basis (maybe once per hour, or once per 5 mins depending on how long you want to block for, though keep in mind you might block for a maximum of 2 x 5 mins - 1 sec worst case). > Solve those two problems, and I don't see why it wouldn't work Personally, I would like to see qmail-scanner log to MySQL instead of the mailstats.csv (or syslog). This would resolve the problem where entries to mailstats.csv might be lost as well as allow us to use the data to make more interesting decisions. Though, it does complicate qmail-scanner a little more... One day I will do this anyway, but perhaps for others, ODBC would be a better choice... Regards, Adam ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
