Re: blacklists

To: Russell Coker <russell@coker.com.au>
Cc: debian-isp@lists.debian.org
Subject: Re: blacklists
From: Craig Sanders <cas@taz.net.au>
Date: Thu, 9 Dec 2004 12:22:05 +1100
Message-id: <[🔎] 20041209012205.GG1464@taz.net.au>
In-reply-to: <[🔎] 200412091127.30750.russell@coker.com.au>
References: <[🔎] 415112373.20041205105403@onee.sk> <[🔎] 200412090000.44946.russell@coker.com.au> <[🔎] 20041208141218.GE19611@taz.net.au> <[🔎] 200412091127.30750.russell@coker.com.au>

On Thu, Dec 09, 2004 at 11:27:27AM +1100, Russell Coker wrote:
> On Thursday 09 December 2004 01:12, Craig Sanders <cas@taz.net.au> wrote:
> > the log file noise issue is important to me - i've recently started
> > monitoring mail.log and adding iptables rules to block smtp connections
> > from client IPs that commit various spammish-looking crimes against my
> > system.  
> 
> Interesting.  Do you plan to package it for Debian?

nope, it's just a trivial script - and one that's probably dangerous to use if
you don't understand what it's doing, and i don't plan on documenting it beyond
comments in the script itself.  in short, it's a toy for me.

if you want to see it, look in http://taz.net.au/postfix/scripts/

it's called watch-maillog.pl

there's a bunch of other postfix related scripts in there.

you may also like qvmenu.pl, a curses-based postfix queue browser that i wrote.
it allows you to pipe queued messages into less or urlview, select multiple
messages and delete, hold, unhold or re-queue them (i.e. a wrapper around
postsuper).  pretty simple to add new features...as with most of my scripts, i
write for readability rather than optimised speed.

i work on this occasionally, and add new stuff as i need it....e.g. there's a
half-implemented "bounce to sa-spam/sa-ham alias" feature....that's because i
have a header_checks rule to HOLD all mail with an SA score over 10.  this is
the reason i wrote qvmenu.pl in the first place.  false-positives i just
unhold.  spam, i usually view & urlview them to get fodder for my SA &
body_checks rules, then delete them.  i also want to be able to bounce them to
sa-spam or sa-ham (sa-learn aliases on my system).   i'll finish that off when
i get time.

because it calls mailq to get the queue listing, it's probably too slow to use
on any system with thousands of messages in the queue.  i've used it on systems
with hundreds, and found it to be OK.  actually, i doubt if it would be much
faster even if it trawled the queue directories itself - mailq isn't exactly
inefficient and bloated.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to:

Follow-Ups:
- Re: blacklists
  - From: Michael Loftis <mloftis@modwest.com>

References:
- blacklists
  - From: Marek Podmaka <marki@onee.sk>
- Re: blacklists
  - From: Russell Coker <russell@coker.com.au>
- Re: blacklists
  - From: Craig Sanders <cas@taz.net.au>
- Re: blacklists
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: blacklists
Next by Date: Re: blacklists
Previous by thread: Re: blacklists
Next by thread: Re: blacklists
Index(es):
- Date
- Thread