Firewall Wizards mailing list archives

Re: FWTK and smap/smapd


From: Greg Polanski <greg_polanski () adc com>
Date: Thu, 18 Jul 2002 11:44:56 -0500

I have supplemented ordb.org with a test of my own
sendmail logs.

If a mail gateway generates 29 or more 'User unknown' messages
in a single mail connection (same message ID), I add it to my
own relays database, db.relays.adc.com.

I run this script every 10 minutes and look at the last 10 minutes
of the mail log for too many 'User unknown'.  In the script, I 
generate the reverse lookup entry for db.relays.adc.com
and mail the entry to a script on the DNS server.
The entry is added to DNS.

The script is very effective.  

If anyone is interested, I can send you a copy or post it.
It has comments, but the code is straightforward.


mn00s70548% wc ~/IS/unknown.sh ~/IS/makedbrelays.sh
      63     220    1422 /home/polansg/IS/unknown.sh
      89     371    2470 /home/polansg/IS/makedbrelays.sh
     152     591    3892 total

greg


These days spam gets really annoying (timewise and costwise)
from a busy admin standpoint.
I run a pair of sendmails with the RBL (ordb.org) feature turned on and two
anti-virus SMTP behind them; it's been catching maybe 20-30% of that trash.

-- 
_______________________________________________________________
Greg Polanski                    mailto:greg_polanski () adc com
ADC Telecommunications, Inc.     952.917.0548
MS 36                            952.917.0651 FAX
PO Box 1101                      612.309.4493 cell/pager
Minneapolis, MN  55440-1101      6123094493 () mobile att net
_______________________________________________________________
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
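
The check described in the message above, as an added Python example; it is not the poster's unknown.sh or makedbrelays.sh, which are not shown on this page. It counts 'User unknown' lines per connection and prints a zone line for each relay that reaches the threshold of 29. Assumptions: the sendmail syslog layout and the sample lines are constructed, the sendmail queue ID stands in for the "message ID" the post mentions, 127.0.0.2 is used as the listing answer, and the caller passes in only the last 10 minutes of log.

```python
import re
from collections import Counter

THRESHOLD = 29               # from the post: 29 or more 'User unknown'
ZONE = "db.relays.adc.com"   # zone named in the post
LISTED = "127.0.0.2"         # assumption: conventional DNSBL "listed" answer

# Assumed sendmail syslog layout: "<date> <host> sendmail[pid]: QUEUEID: <rest>"
ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
PEER = re.compile(r"\brelay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def find_offenders(lines, threshold=THRESHOLD):
    """Return relay IPs with >= threshold 'User unknown' under one queue ID."""
    unknown, peer = Counter(), {}
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if "User unknown" in rest:
            unknown[qid] += 1
        elif rest.startswith("from="):
            # Only from= lines name the connecting host; to= lines name the
            # next hop we delivered to, which must never be listed.
            hit = PEER.search(rest)
            if hit:
                peer[qid] = hit.group(1)
    # A queue ID with no from= line in the window is skipped, not guessed.
    return sorted({peer[q] for q, n in unknown.items()
                   if n >= threshold and q in peer})

def dnsbl_record(ip, zone=ZONE, answer=LISTED):
    """Reverse the octets, as DNSBL lookups do, and build the zone line."""
    return f"{'.'.join(reversed(ip.split('.')))}.{zone}. IN A {answer}"

def sample_log():
    """Constructed log: one connection at the threshold, one just under it."""
    pre = "Jul 18 11:3{} mailgw sendmail[{}]: {}: "
    out = []
    for qid, pid, ip, n in (("g6IGU1a01111", 1111, "192.0.2.45", 29),
                            ("g6IGU2b02222", 2222, "198.51.100.7", 28)):
        head = pre.format("0:01", pid, qid)
        out += [f"{head}<nobody{i}@adc.com>... User unknown" for i in range(n)]
        out.append(f"{head}from=<x@example.net>, size=0, nrcpts=0, "
                   f"relay=host.example.net [{ip}]")
    out.append(pre.format("1:09", 3333, "g6IGU3c03333") +
               "to=<greg@adc.com>, relay=inside.example.com. [203.0.113.9], stat=Sent")
    return out

if __name__ == "__main__":
    for ip in find_offenders(sample_log()):
        print(dnsbl_record(ip))
```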

