[SA-exim] logging spammer ips

Marc MERLIN marc at merlins.org
Thu Jun 19 16:48:26 PDT 2003


On Thu, Jun 19, 2003 at 05:27:08PM -0400, Jonathan Vanasco wrote:
> 
> just wondering if this would be possible w/the current sa-exim 
> implementation...
> 
> would it be possible to log the ips of incoming mail sources to a 
> separate file?
> 
> for example: the originating ip of all spam marked 12+ is added to 
> spammer_ips.txt -- which can be used as a blacklist
 
Sure thing, parse the logs:
2003-06-16 05:31:20 19Rt8l-0001ox-Ui SA: Action: permanently rejected message: hits=21.0 required=7.0 trigger=12.0 (scanned in 1/1 secs). From <foskett at usa.net> (host=h0007e9f09ccb.ne.client2.attbi.com [24.34.37.97]) for user at mydomain

Be careful not to blacklist your secondary MXes and hosts that forward mail
to you (/etc/aliases / ~/.forward)

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key
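
Added example (not part of the original message and not SA-Exim code): one way to do the log parsing suggested above, with the score cutoff from the question and an exclusion list for the secondary MXes and forwarding hosts the reply warns about. The function name, the trusted list and every sample line except the first are assumptions made for illustration.

```python
import ipaddress
import re

# Layout of the "SA: Action:" line quoted in the message above.
SA_LINE = re.compile(
    r"SA: Action: .*?hits=(?P<hits>-?\d+(?:\.\d+)?) .*?"
    r"\(host=\S* \[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def spammer_ips(lines, threshold=12.0, trusted=()):
    """Return source IPs of mail scoring >= threshold, minus trusted relays."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    found = set()
    for line in lines:
        m = SA_LINE.search(line)
        if not m or float(m.group("hits")) < threshold:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text was not a valid address
        # Secondary MXes and forwarding hosts relay other people's spam to
        # us; listing them would block legitimate mail as well.
        if any(ip in net for net in trusted_nets):
            continue
        found.add(ip)
    return [str(ip) for ip in sorted(found, key=lambda a: (a.version, int(a)))]

# First line is the one from the message; the rest are constructed samples.
SAMPLE_LOG = [
    "2003-06-16 05:31:20 19Rt8l-0001ox-Ui SA: Action: permanently rejected message: hits=21.0 required=7.0 trigger=12.0 "
    "(scanned in 1/1 secs). From <foskett at usa.net> (host=h0007e9f09ccb.ne.client2.attbi.com [24.34.37.97]) for user at mydomain",
    "2003-06-16 05:40:02 19RtHA-0001pQ-00 SA: Action: flagged as Spam but accepted: hits=8.4 required=7.0 "
    "(scanned in 2/2 secs). From <a at example.org> (host=mail.example.org [198.51.100.7]) for user at mydomain",
    "2003-06-16 05:52:47 19RtTV-0001q1-00 SA: Action: permanently rejected message: hits=15.3 required=7.0 trigger=12.0 "
    "(scanned in 1/1 secs). From <b at example.net> (host=mx2.mydomain [192.0.2.25]) for user at mydomain",
    "2003-06-16 05:53:01 19RtTj-0001q5-00 <= c at example.com H=relay.example.com [203.0.113.9] P=esmtp S=1832",
]
TRUSTED = ["192.0.2.25/32"]  # constructed: stands in for a secondary MX

if __name__ == "__main__":
    # Prints one address per line, ready to append to spammer_ips.txt.
    for ip in spammer_ips(SAMPLE_LOG, 12.0, TRUSTED):
        print(ip)
```

Without the trusted list, the third sample line would put the secondary MX itself on the blacklist.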


