qmail spam blocking

Andrew Gray agray at netconnect.com.au
Tue Jan 29 02:00:04 CST 2002


Dear all,
    For those of you running qmail mail server setup according to the 'life
with qmail' web page (ie multilog etc rather than syslog) with a reasonable
number of users.

I have written a perl program that trawls the mail logs, and looks for IP's
that have delivered too many emails over the last log period (about 5 hrs,
in my case, 15K+ users) and rewrites the tcp server config file, and am
looking for someone to evaluate it a bit further before releasing it to the
public in general.

I'm asking you because a) you're perl programmers and will understand the
code rather than just running it, and therefore may be able to suggest
improvements, and b) you're most likely to be on the same time zone as me.

Details.
    List runs variables such as threshold number of mails, ban time etc.
    Uses existing /etc/tcp.smtp file for storing data.
    Copes with static as well as temp banned IP numbers,
    IP's can be excluded from being autobanned (things like yahoo, popular
lists etc)

works on the assumption that a lot of spam will come from one IP in a short
period of time. (which has been my experience). Anyway If you're interested
in trying it out, mail me, I still need to write some decent doco's.

Code is available here for download here
http://gray.ballarat.net.au/qmail/throttle_smtp.tgz (include web script)

or view here
http://gray.ballarat.net.au/qmail/throttle_smtp.pl.txt (just throttle
script)

including a script web page to display banned IPs
sample http://mail.netconnect.com.au/cgi-bin/ip_ban_check
(been running about a week)

regards

Andrew Gray
Systems Administrator, NetConnect Communications
sysadmin at netconnect.com.au






More information about the Melbourne-pm mailing list