Marc Perkel wrote:
There's people out there who are better and faster programmers than I
am. I need a simple utility written We can post it on the SA Wiki when
we're done.
I don't care what it's written in but I'm thinking that xinetd might
be easiest. What I want is something to record the IP address of any
host connection to port 25. Then going to need it to run a one line
script file that runc netcat (nc) and sends me data. Basically I just
need te IP address. I have a collector program listening that feeds
the blacklist system. The collector is.
echo "$*" | nc -w 2 <host> <port>
exit 0
You mean you need a script will listen to port 25 instead of a smtpd
daemon ?
Will be a trivial thing to do?
What should this do , just log to syslog the IP's and break connection
immediately after connect
The idea of this project is to collect hits on port 25 of computers
that shouldn't be hit on port 25. Thses hits would be 100% spambots
and hackers. They hit it - they get listed.
I'll share my collector code, which is a one line script.
socat -u TCP4-LISTEN:<port>,reuseaddr,fork OPEN:/logfile &
The pair of these programs can be used to collect any kind of data
base on trouble makers hitting port that shouldn't be hit. This could
be used for ssh attempts - anything. These programs feed IP collection
systems and then some task manages the list, rotates it, and generates
DNS blacklists.
I'm thinking such a system might be really useful.
Yes , I think that would give a zero fp blacklist on ip's
Any real MTA would mx lookup ,
IMO If mail is sent on non mx ips the mail is spam and the ip is of a
spammer
(internal misconfigured transport relays need to be excluded )
===================================================================
sms START NEWS <your city> to 09845398453 for Breaking News and Top
Stories on Business, Sports & Politics. For more services visit
http://www.mytodaysms.com
===================================================================
