Have you tried fail2ban? It should be easy to set it up to scan spamdyke's logs for failures and create entries in iptables to block the incoming connections. Note, however, that iptables can't handle more than about a thousand entries -- after that performance begins to suffer dramatically.
-- Sam Clippinger

On Jan 29, 2013, at 2:03 PM, Shane Bywater wrote:

> Hi,
>
> Can anyone recommend the most efficient way (i.e. minimum human
> interaction and system resources) to deal with a SPAM situation as shown
> below where multiple IPs are using multiple domain names to send SPAM to
> the same email addresses repeatedly (for over 14 days so far)? I've
> changed the real domain name to domain.com and most of the email
> addresses being used are no longer active on our server. Spamdyke
> is doing a great job of blocking such SPAM but the load on the server is
> getting too high to be able to use the Plesk Control Panel properly.
> I'm wondering if someone had a script that would scan the maillog file
> for FILTER_RDNS_MISSING ip: 59.95.80.11 and either creates a file which
> contained such IPs that the system administrator could then use to add
> to the iptables (I think that is what would be used in Centos6) or
> modifies the iptables automatically. My server is running Centos6 with
> Parallels Plesk 10.4.4. Any advice would be appreciated.
>
> Jan 29 04:13:06 apexia spamdyke[21825]: FILTER_RDNS_MISSING ip: 119.195.138.22
> Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> ...
> Jan 29 04:16:38 apexia spamdyke[23081]: FILTER_RDNS_MISSING ip: 59.95.80.11
> Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
> Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
>
> Thanks for your time and Sam thanks very much for creating Spamdyke.
> Looking forward to the next version which hopefully addresses the
> whitelisting/relaying issue.
>
> Regards,
> Shane Bywater
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
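
The log-scanning script asked about in this thread, as an added example that is not part of the original messages and not code from spamdyke or fail2ban. It counts FILTER_RDNS_MISSING lines per source, skips malformed or exempted addresses, and caps the output at the roughly one-thousand-entry limit mentioned in the reply. The function names, the hit threshold, the never_block exemption list, the restriction to TCP port 25 and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
import sys
from collections import Counter

# In the quoted log, each connection produces one FILTER_RDNS_MISSING line and
# then one DENIED line per recipient, so counting FILTER lines counts connections.
FILTER_RE = re.compile(r"spamdyke\[\d+\]: FILTER_RDNS_MISSING ip: (\S+)\s*$")
MAX_ENTRIES = 1000  # assumption: ceiling taken from the iptables caveat in the reply

# Constructed sample input (documentation address ranges, not real senders).
SAMPLE_LOG = """\
Jan 29 04:13:06 mx spamdyke[21825]: FILTER_RDNS_MISSING ip: 192.0.2.10
Jan 29 04:13:07 mx spamdyke[21826]: FILTER_RDNS_MISSING ip: 192.0.2.10
Jan 29 04:13:08 mx spamdyke[21827]: FILTER_RDNS_MISSING ip: 192.0.2.10
Jan 29 04:13:09 mx spamdyke[21828]: FILTER_RDNS_MISSING ip: 198.51.100.7
Jan 29 04:13:10 mx spamdyke[21829]: FILTER_RDNS_MISSING ip: 198.51.100.7
Jan 29 04:13:11 mx spamdyke[21830]: FILTER_RDNS_MISSING ip: 203.0.113.5
Jan 29 04:13:11 mx spamdyke[21830]: DENIED_RDNS_MISSING from: a@example.net to: b@example.com origin_ip: 203.0.113.5 origin_rdns: (unknown)
Jan 29 04:13:12 mx spamdyke[21831]: FILTER_RDNS_MISSING ip: 999.1.1.1
""".splitlines()


def offenders(log_lines, min_hits=3, never_block=(), limit=MAX_ENTRIES):
    """Return [(ip, hits)] for sources with at least min_hits rejections, busiest first."""
    allow = [ipaddress.ip_network(net) for net in never_block]
    hits = Counter()
    for line in log_lines:
        match = FILTER_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed field: never pass it on to a firewall command
        if not any(ip in net for net in allow):
            hits[str(ip)] += 1
    ranked = sorted((item for item in hits.items() if item[1] >= min_hits),
                    key=lambda item: (-item[1], item[0]))
    return ranked[:limit]


def iptables_rules(ranked, chain="INPUT"):
    """Render DROP rules for SMTP only, as text for an administrator to review."""
    return ["iptables -I %s -s %s -p tcp --dport 25 -j DROP" % (chain, ip)
            for ip, _hits in ranked]


if __name__ == "__main__":
    source = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    print("\n".join(iptables_rules(offenders(source, min_hits=2))))
```

Piping the maillog into the script prints the rules instead of applying them, so the list can be checked for legitimate senders before anything is blocked.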
