[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: abuse report management system



Hello Wojciech,

Am 2009-08-11 15:13:21, schrieb Wojciech Ziniewicz:
> What i want is a system that will trap abuse emails and notify me when
> certain client reaches the trigger of let's say 10 abuse emails per
> month.

I do this already using a procmail script, which spider the Body  if  an
E-Mail is attached and try to get the Received: header and analyse it.

Because the sending IP is associated (timely) with a  customer,  I  know
perfectly which customer was on which dynamic IP and ...

So you could do the same...

if I encounter an unknown Mail-Agent: or nothing, I trigger  immediately
because maybe it is a trojan or something like this.

For the new ISP i am in creation, I am blocking the port 25 and 589  and
force standard users to pass over my SMTP-Proxy.  However,  users  which
there own proper SMTP-Relays can reconfigure the two ports.

> Then i would analyze the records and decide about warning him
> about the sittuation and finally possibly cutting him of. We often do
> such things to our bussiness customers - if they send tons of spam
> using our ip addrs we can cut them off  after 2 warnings (in Poland
> sending spam is a crime) .

So you have the right to shootem?  ;-)

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/>                 Michelle Konzack
<http://www.can4linux.org/>                   Apt. 917
<http://www.flexray4linux.org/>               50, rue de Soultz
Jabber linux4michelle@jabber.ccc.de           67100 Strabourg/France
IRC    #Debian (irc.icq.com)                  Tel. DE: +49 177 9351947
ICQ    #328449886                             Tel. FR: +33  6  61925193

Attachment: signature.pgp
Description: Digital signature


Reply to: