Re: [Qmail-scanner-general]qmail and iptables

Tue, 17 Aug 2004 12:13:48 -0700 

On Saturday 14 August 2004 04:41, Mark Turner wrote:
> Is there any way to tie in qmail scanner/qmail and IPTables together so
> that if a spammer hammers your connection even though they are being
> denied, IPTables blocks them permanently or for a specified ammount of
> time?

If you're running qmail using tcpserver then block it using tcprules. What I 
have done is modify my qmail-scanner so that after scanning it checks whether 
there was a problem with the mail. Something like this:

----------------------------------
# Add some code to stick the virus laden IPs into a file
# The idea is automatically update the smtp.cdb so that those IPs are denied
# to check whether a virus was sent by a relayclient use:
# if ($ENV{'TCPREMOTEIP'} && defined($ENV{'RELAYCLIENT'}))

if ($quarantine_event ne "0") {
  use FileHandle;
  my $banippath = '/var/spool/qmailscan/banip';
  my $banip;
  my $fh = new FileHandle;

  if ($remote_smtp_ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
    $banip = $1;
  }

  if ($fh->open("> $banippath/$banip")) {
    # print "Created file $banip\n";
    $fh->close; }
  else {
    &error_condition("Cannot create [$banippath/$banip] !");
    # print "Error creating file $remote_smtp_ip\n";
  }
}
----------------------------------

Then I have a cronjob which runs once every few minutes to grab those IP 
addresses and rebuilds the cdb for tcpserver.

Then I have another cronjob which runs once every several hours which expires 
those files.


This has worked very well so far particularly against those viruses which 
sends a whole spew of mail. Now they get in one or two mails before being 
blocked.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz

/*
Men are those creatures with two legs and eight hands.
                -- Jayne Mansfield
*/



-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general

Reply via email to