crontab -e
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/php /opt/mailscanner_sql_blockip.php

#!/usr/local/bin/php
<?php
$linkptr = mysql_pconnect ("192.168.50.172","mailwatch","");
mysql_select_db("mailscanner",$linkptr);

$accessfile = "/etc/mail/access";

$sql = "SELECT clientip FROM `maillog` WHERE `sascore` >=10 and `timestamp` > DATE_ADD(now() ,INTERVAL -5 MINUTE) group by clientip ORDER BY INET_ATON(clientip)";
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
    $sql = "SELECT `ipaddress` FROM`ac_blockip` WHERE `ipaddress`= '".$row['clientip']."'";
    $resulttemp = mysql_query($sql);    
    list($r_ipaddress) = mysql_fetch_row($resulttemp);
    mysql_free_result($resulttemp);
    if ($r_ipaddress == $row['clientip']) {
        $sql = "UPDATE ac_blockip SET score=(score + 1),`timeout`=DATE_ADD( now() ,INTERVAL (score*24) HOUR),`status`='B' where ipaddress='".$row['clientip']."'";
        mysql_query($sql,$linkptr);
    } else {
        $sql = "INSERT INTO `ac_blockip`(`ipaddress`, `score`, `timeout`, `status`) VALUES ('".$row['clientip']."',1,DATE_ADD( now() ,INTERVAL 24 HOUR),'B')";
        mysql_query($sql,$linkptr);
    }
}
mysql_free_result($result);

$sql = "UPDATE `ac_blockip` SET `timeout`=0,`status`='R' where `status` = 'B' and `timeout` < now()";
mysql_query($sql,$linkptr);

$sql = "SELECT `ipaddress` FROM `ac_blockip` where status = 'B'";
$result = mysql_query($sql);

$temp = "";
$fh = fopen($accessfile, 'w') or die("can't open file");
while ($row = mysql_fetch_assoc($result)) {
        $temp1 = $row['ipaddress']."\t550 Address invalid\n";
        fwrite($fh, $temp1);
}
fclose($fh);
mysql_free_result($result);

system('/usr/sbin/makemap dbm /etc/mail/access < /etc/mail/access');

?>