
Re: abuse report management system



procmail, arffilter (http://wordtothewise.com/products/arffilter.html), perl, mysql

We use procmail to filter the inbound messages through 'arffilter' (to read ARF-formatted attachments/messages), which then goes on to a perl script that fetches certain header information. Then we process it daily and watch for spikes, new sources, etc. I agree that a human needs to examine the content and make final decisions, as the subject lines and formatting of various organizations' abuse complaints vary wildly. You'll be constantly amending your procmail rules and modifying your perl scripts.

The only affordable system I've seen out there is Word to the Wise's Abacus system. I'm sure Remedy or something similar has a product, but as far as open source, I'm not sure.

Aaron

Wojciech Ziniewicz wrote:
> 2009/8/11 Andy Davidson <andy@nosignal.org>:
>> This is dangerous, you wouldn't want your customers to see the original
>> abuse request, and you wouldn't like outsiders to be able to cut off your
>> customers by filing invented abuse emails that trigger the threshold in your
>> automated system.  Serious allegations need to be checked with the use of,
>> for example, netflow records, and you may require to build a different
>> process based on messages from law enforcement agencies or similar.
>>
>> Abuse handling is a specialist skill and should be done by humans.
>
> I don't want any of these.
> What I want is a system that will trap abuse emails and notify me when
> a certain client reaches the trigger of, let's say, 10 abuse emails per
> month. Then I would analyze the records and decide about warning him
> about the situation and finally possibly cutting him off. We often do
> such things to our business customers - if they send tons of spam
> using our IP addrs we can cut them off after 2 warnings (in Poland
> sending spam is a crime).
>
> regards.
> WZ




--
Aaron Thoreson
Network Group
Midcontinent Communications
aaront@midco.net
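
The pipeline discussed in this thread (read the ARF report, pull out the source, count per month, hand anything at the threshold to a person) can be sketched as follows. This is an added example, not code from any poster: Python's standard `email` module stands in for procmail/arffilter/Perl, the `Source-IP` and `Arrival-Date` fields are the ARF (RFC 5965) report fields, and the function names and sample messages are constructed for illustration. It only produces a review list; the distinct-reporter count is there so a reviewer can spot a single sender inflating the total.

```python
import email
from collections import defaultdict
from email.utils import parseaddr, parsedate_to_datetime

THRESHOLD = 10  # reports per source IP per month (the figure from the thread)

def parse_arf(raw):
    """Return (month, source_ip, reporter) for an ARF report, else None."""
    msg = email.message_from_string(raw)
    for part in msg.walk():
        if part.get_content_type() != "message/feedback-report":
            continue
        fields = part.get_payload(0)  # stdlib parses the report as a header block
        source_ip = fields.get("Source-IP")
        when = fields.get("Arrival-Date") or msg.get("Date")
        try:
            month = parsedate_to_datetime(when).strftime("%Y-%m")
        except (TypeError, ValueError):
            return None  # missing or bad date: leave for manual handling
        if not source_ip:
            return None
        reporter = parseaddr(msg.get("From", ""))[1].lower()
        return month, source_ip.strip(), reporter
    return None  # free-form complaint, not ARF: a human has to read it

def review_queue(raw_messages, threshold=THRESHOLD):
    """(month, ip, reports, distinct_reporters) for sources at/over threshold."""
    seen = defaultdict(list)
    for raw in raw_messages:
        parsed = parse_arf(raw)
        if parsed:
            seen[parsed[:2]].append(parsed[2])
    return sorted((month, ip, len(r), len(set(r)))
                  for (month, ip), r in seen.items() if len(r) >= threshold)

def sample_report(ip, reporter, day):
    """Constructed ARF message for the demo, not a real complaint."""
    date = f"{day:02d} Aug 2009 10:00:00 +0000"
    return (f"From: {reporter}\nDate: {date}\nSubject: abuse report\n"
            'Content-Type: multipart/report; report-type=feedback-report; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nThis is an abuse report.\n"
            "--b\nContent-Type: message/feedback-report\n\n"
            f"Feedback-Type: abuse\nVersion: 1\nSource-IP: {ip}\nArrival-Date: {date}\n\n"
            "--b\nContent-Type: message/rfc822\n\nSubject: buy now\n\nspam body\n--b--\n")

if __name__ == "__main__":
    mail = [sample_report("192.0.2.10", f"abuse@isp{i % 2}.example", i + 1) for i in range(10)]
    mail += [sample_report("192.0.2.20", "abuse@isp0.example", 5)] * 3
    for row in review_queue(mail):
        print("needs human review:", row)
```

The `From` address of a report is trivially forged, so the reporter count is a hint for the reviewer and not evidence on its own.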

