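# xinetd entry for the tarpit: connections arriving on the telnet service port
# (23/tcp) are handed to /usr/local/bin/smtarpit instead of a telnet daemon.
# xinetd reads one attribute per line, so the entry is laid out that way.
service telnet
{
    socket_type     = stream
    protocol        = tcp
    wait            = no
    # NOTE(review): the tarpit holds connections from hosts that are already
    # considered hostile, and it does so as root. xinetd owns the listening
    # socket, so the server probably does not need root itself; confirm and
    # run it under a dedicated unprivileged account if it works that way.
    user            = root
    server          = /usr/local/bin/smtarpit
    log_on_success  = PID HOST
    # NOTE(review): USERID asks xinetd to query the remote host's ident
    # service (RFC 1413); the answer is supplied by that host and should be
    # treated as untrusted log data.
    log_on_failure  = HOST USERID
    # Upper bound on concurrent tarpit processes. Once 10 connections are
    # held, further redirected senders are refused rather than tarpitted.
    instances       = 10
}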
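#!/bin/bash
#
# spam-ip: rebuild the tarpit blacklist from the mail log and load it into the
# nat table, so that SMTP connections from listed addresses are redirected to
# the tarpit listening on port 23 of the mail server.
#
# Written for Postfix/amavisd/SpamAssassin log lines. Must run as root
# (iptables); intended to be started from cron.
#
# Hardening relative to a naive version of this script:
#   * scratch files live in a private mktemp directory, not at a fixed /tmp
#     path that another local user could pre-create, symlink or pre-seed;
#   * every value taken from the log or from the list files must look like a
#     dotted-quad IPv4 address before it is passed to iptables;
#   * all expansions are quoted, and lists are read line by line.

set -u
set -o pipefail

#SETUP VARIABLES
MASTER=/admin/conf/mast.ip
LOG=/var/log/maillog
ADD=/admin/conf/other.ip
# Space-separated addresses that must never be blacklisted (placeholder).
EXCEPT="<exception ip addresses>"
# IPv4 address of the mail server (placeholder; must be replaced).
MAIL_SERVER="<mail_server>"

# Print a message to stderr and abort.
die() {
  printf 'spam-ip: %s\n' "$*" >&2
  exit 1
}

# Succeed only if $1 has the shape of a dotted-quad IPv4 address.
# Octet ranges are not checked; iptables rejects out-of-range values itself.
# The point is to keep option-like or otherwise unexpected strings out of argv.
is_ipv4() {
  local re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  [[ $1 =~ $re ]]
}

# Print the text between "[" and "]" in whitespace-separated field $2 of every
# log line that contains the fixed string $1.
extract_ips() {
  local pattern=$1
  local field=$2
  awk -v pat="$pattern" -v col="$field" 'index($0, pat) { print $col }' "$LOG" \
    | cut -d '[' -f 2 \
    | cut -d ']' -f 1
}

# Succeed if $1 is one of the addresses listed in EXCEPT.
is_excepted() {
  local candidate=$1
  local allowed
  for allowed in ${except_list[@]+"${except_list[@]}"}; do
    [[ "$candidate" == "$allowed" ]] && return 0
  done
  return 1
}

# Refuse to touch the firewall until the configuration is usable; otherwise
# the nat table would be flushed and then every rule insertion would fail.
is_ipv4 "$MAIL_SERVER" \
  || die "MAIL_SERVER must be set to the mail server's IPv4 address"
[[ -r "$LOG" ]] || die "cannot read $LOG"

tmpdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "${tmpdir:?}"' EXIT
candidates=$tmpdir/candidates
merged=$tmpdir/merged
filtered=$tmpdir/filtered

except_list=()
# read returns non-zero at end of input when no delimiter is found.
read -r -d '' -a except_list <<<"$EXCEPT" || true

#GETTING IP'S - USED FOR POSTFIX/AMAVISD/SPAMASSASSIN
echo "Getting IP's.."
extract_ips "Blocked SPAM" 9 >"$candidates"
extract_ips "blocked using" 10 | sort -u >"$ADD" || die "cannot write $ADD"

#CREATING THE MASTER LIST
# First run: there is no previous master list to merge.
[[ -e "$MASTER" ]] || : >"$MASTER" || die "cannot create $MASTER"
sort -u -- "$candidates" "$ADD" "$MASTER" >"$merged" \
  || die "cannot merge address lists"

#REMOVE YOUR EXCEPTIONS
# The new list is assembled in the scratch directory and copied over MASTER in
# one step, so an interrupted run does not leave an empty master list behind.
CNT=0
: >"$filtered"
while IFS= read -r ip; do
  if ! is_ipv4 "$ip"; then
    [[ -n "$ip" ]] && printf 'spam-ip: skipping non-IPv4 entry: %q\n' "$ip" >&2
    continue
  fi
  is_excepted "$ip" && continue
  printf '%s\n' "$ip" >>"$filtered"
  CNT=$((CNT + 1))
done <"$merged"
cat -- "$filtered" >"$MASTER" || die "cannot write $MASTER"

#CREATE A SYSLOG MESSAGE OF THE NUMBER OF BLOCKED IP'S
echo "Got $CNT unique IP's.."
logger "==smtarpit== $CNT unique IP's.."

#CLEAR THE FIREWALL
# NOTE(review): this flushes every chain of the nat table, including NAT rules
# that have nothing to do with the tarpit (masquerading, other port forwards).
# On a host that carries other NAT rules, move the blacklist into a dedicated
# chain and flush only that chain. Listed hosts also reach the real SMTP port
# for the short time between the flush and the re-insertion below.
iptables -t nat -F || die "cannot flush the nat table"

#BLACKLISTING THE IP'S
echo "Blacklisting IP's.."
while IFS= read -r ip; do
  iptables -t nat -A PREROUTING -s "$ip" -d "$MAIL_SERVER" \
    -m tcp -p tcp --dport 25 \
    -j DNAT --to-destination "${MAIL_SERVER}:23" \
    || printf 'spam-ip: could not add rule for %s\n' "$ip" >&2
done <"$MASTER"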
50 * * * * /admin/bin/spam-ip |