Thanks!
-----Original Message-----
From: Gary Gendel <[email protected]>
To: spamdyke users <[email protected]>
Sent: Tue, Mar 26, 2013 11:22 am
Subject: Re: [spamdyke-users] Timer for objects in blacklist

Denny,

Sure, but I'll probably embarrass myself. I wrote it a long time ago, pre-spamdyke, when I had a homebrew spam solution. It consists of a few small programs written in C and some scripts.

From what I remember...

A cron job runs a script called blacklist.csh that calls a program called extractSpam for each new mail from the honeypot's inbox. The script expects maildir format, but it can take an mbox file instead. It then calls a program called mergeSpam to merge this info into the blacklist file as well as expire any old records. This is the blacklist file that spamdyke uses.

extractSpam takes -x options to specify special IP addresses you want it to ignore, such as your own address in the event of a bounced email to the honeypot. See blacklist.csh for examples. The only argument is the file you want to append the IP addresses to. Note that mergeSpam has this file hard-coded in, so it better match that. I used this feature to test the program on various emails without disturbing the production setup.

mergeSpam takes two arguments: the first is the expiration time and the second is a comment to put at the head of the file.

I use jam instead of make, but it should be easy to figure out what needs to be done from the included Jamfile.

Feel free to use it, modify it, or throw it away as needed. :)

Gary

On 03/26/2013 11:05 AM, Denny Jones wrote:

Interesting concept. Care to share your script?

-----Original Message-----
From: Gary Gendel <[email protected]>
To: spamdyke users <[email protected]>
Sent: Tue, Mar 26, 2013 9:41 am
Subject: Re: [spamdyke-users] Timer for objects in blacklist

I do something similar for my IP blacklist. I have a honeypot that, if it receives email, it adds the sender's IP to the blacklist with a timestamp in a preceding comment. If I get another email from that server, it just updates the comment so the expiration gets extended. I run a nightly cron job to clear away IP addresses that have been inactive for >= 30 days.

So the entries in the file look like this:

    # 2013-03-18
    72.30.239.144

Gary

On 03/26/2013 10:28 AM, David wrote:

Is there a way we could get a configuration for a timer to be set on blacklist items in any blacklist? For instance, when I configure firewall rules and use address lists, I always use a timer on these lists so entries are removed from the list after a certain amount of time, but the rule is always there, so if the address gets caught by the rule it gets re-added to the list again.

I was thinking about whether there was an easier way to manage these lists better, and the timer came up. If I was able to place a timer on the items in the list, say for 30 days or less, to be emptied out, that would be great.

Something else to consider is dumping them into another list to be watched, and if they show up again then re-add them back to the current list and drop the others in the old list after a few days. This may help with my pain of these lists growing out of control.

Thanks
Dave

_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
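
Added example, not Gary's extractSpam/mergeSpam code (which is not shown in the thread): a Python sketch of the merge-and-expire step he describes, using the dated comment followed by an IP line from his message. The function names, the handling of entries with no timestamp, and every sample address other than 72.30.239.144 are assumptions made for this illustration.

```python
import ipaddress
from datetime import date, timedelta

def _norm(value):
    """Canonical IP string, or None if the value is not a valid address."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def parse_blacklist(text, default_seen):
    """Map ip -> last-seen date from '# YYYY-MM-DD' lines that precede each IP."""
    entries, stamp = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            try:
                stamp = date.fromisoformat(line[1:].strip())
            except ValueError:
                stamp = None  # ordinary comment, e.g. the file header
            continue
        ip = _norm(line)
        if ip:  # assumption: an entry with no timestamp starts its clock now
            seen = stamp or default_seen
            entries[ip] = max(seen, entries.get(ip, seen))
        stamp = None
    return entries

def merge(entries, sightings, today, ignore=(), max_age_days=30):
    """Refresh or add honeypot sightings, then expire inactive entries."""
    skip = {_norm(i) for i in ignore}
    merged = dict(entries)
    for ip in filter(None, map(_norm, sightings)):
        if ip not in skip:
            merged[ip] = today  # a repeat sighting extends the expiration
    cutoff = today - timedelta(days=max_age_days)
    return {ip: seen for ip, seen in merged.items() if seen > cutoff}

def render(entries, header="honeypot blacklist"):
    """Write the file back out, one dated comment before each address."""
    out = [f"# {header}"]
    for ip, seen in sorted(entries.items()):
        out += [f"# {seen.isoformat()}", ip]
    return "\n".join(out) + "\n"

# Constructed sample: only 72.30.239.144 comes from the thread.
SAMPLE = "# honeypot blacklist\n# 2013-03-18\n72.30.239.144\n# 2013-02-01\n192.0.2.10\n"
if __name__ == "__main__":
    today = date(2013, 3, 26)
    print(render(merge(parse_blacklist(SAMPLE, today), ["198.51.100.7"], today)))
```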
