@ytnobody
Created August 29, 2022 00:40
A rough script that helps block rogue-like clients from your Postfix server

postfix-scanner-block.sh

usage

First make the script executable with chmod +x and check its behavior. Run on its own, it only prints the iptables commands it would apply.

# chmod +x ./postfix-scanner-block.sh
# ./postfix-scanner-block.sh 

Then apply it if the output looks good to you. Everything the script prints is executed by sh as root.

# ./postfix-scanner-block.sh | sh

And if you're lovin' it, you can schedule it in the system crontab (/etc/crontab or /etc/cron.d, where the sixth field names the user) as follows.

*/5 * * * * root /path/to/postfix-scanner-block.sh | sh

AUTHOR

ytnobody ytnobody at gmail dt com

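#!/bin/sh
# Prints (does not run) the iptables commands that drop clients seen in the
# mail log. Pipe the output to sh to apply them.

# Scratch directory for the two lists. This is a predictable path under /tmp,
# so point it at a root-owned directory if other local users share the host.
WORKDIR=/tmp/.postfix-block-scan

# Addresses from recent log lines for clients logged as "unknown" whose
# session summary shows no successful AUTH (auth=0).
build_target () {
    tail -n 1000 /var/log/mail.log |
    grep unknown |
    grep auth=0 |
    sed 's/^.*\[//; s/\].*$//;' |
    sort |
    uniq
}

# Source addresses that already have a DROP rule in the INPUT chain.
# iptables pads its columns with runs of spaces, so allow any number of
# spaces after the "--" option column before the source address.
build_blocked_list () {
    iptables -nL INPUT |
    grep DROP |
    grep all |
    sed 's/^DROP.*--  *//; s/ .*$//;' |
    sort |
    uniq
}

# Addresses that are in the spammer list but not yet blocked.
extract_target () {
    diff "$WORKDIR/.blocked_list.txt" "$WORKDIR/.spammer_list.txt" |
    grep '>' |
    sed 's/^> //;'
}

# Turn each address read from stdin into an iptables command line.
block_target () {
    sed 's/^/iptables -A INPUT -s /; s/$/ -j DROP/;'
}

mkdir -p "$WORKDIR"
build_target > "$WORKDIR/.spammer_list.txt"
build_blocked_list > "$WORKDIR/.blocked_list.txt"
extract_target | block_target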
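
Because the script's output is piped to sh as root, whatever sits between the last pair of brackets on a matching log line ends up on a command line. The following is an added example, not part of the gist: it runs the same selection over constructed log lines and lets only strict dotted-quad IPv4 addresses become rules. The function names candidates, valid_ipv4, rejected and rules_for and the sample log are this example's own.

```shell
#!/bin/sh
# Added example, not part of the gist. All log lines below are constructed.

# One octet 0-255 without leading zeros, then the full dotted-quad pattern.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
IPV4_RE="${OCTET}(\.${OCTET}){3}"

sample_log () {
cat <<'EOF'
Aug 29 00:01:02 mx postfix/smtpd[4101]: disconnect from unknown[192.0.2.15] ehlo=1 auth=0/1 quit=1 commands=2/3
Aug 29 00:01:09 mx postfix/smtpd[4102]: disconnect from unknown[2001:db8::25] ehlo=1 auth=0/1 quit=1 commands=2/3
Aug 29 00:01:15 mx postfix/smtpd[4103]: disconnect from unknown[unknown] ehlo=1 auth=0/1 commands=1/2
Aug 29 00:01:20 mx postfix/smtpd[4104]: disconnect from mail.example.org[198.51.100.7] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Aug 29 00:01:31 mx postfix/smtpd[4105]: disconnect from unknown[203.0.113.80] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 29 00:01:44 mx postfix/smtpd[4101]: disconnect from unknown[192.0.2.15] ehlo=1 auth=0/1 quit=1 commands=2/3
EOF
}

# Same selection as the gist's build_target, but reading the log from stdin.
candidates () {
    grep unknown | grep auth=0 | sed 's/^.*\[//; s/\].*$//;' | sort -u
}

# Pass through only lines that are, in full, a dotted-quad IPv4 address.
valid_ipv4 () {
    grep -E -x "$IPV4_RE"
}

# Candidates that will not become rules (IPv6, "unknown", anything malformed).
rejected () {
    candidates | grep -E -v -x "$IPV4_RE"
}

# Same command text as the gist's block_target, for validated addresses only.
rules_for () {
    candidates | valid_ipv4 | sed 's/^/iptables -A INPUT -s /; s/$/ -j DROP/;'
}

sample_log | rules_for
sample_log | rejected | sed 's/^/# skipped: /' >&2
```

The skipped values go to stderr, so they stay visible in cron mail without reaching the shell that applies the rules.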