MailScanner Auto Block and Release IP 
週四, 七月 14, 2011, 09:18 AM - MailScanner, Solaris
crontab -e
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/php /opt/mailscanner_sql_blockip.php 

#!/usr/local/bin/php
<?php
$linkptr = mysql_pconnect ("192.168.50.172","mailwatch","");
mysql_select_db("mailscanner",$linkptr);

$accessfile = "/etc/mail/access";

$sql = "SELECT clientip FROM `maillog` WHERE `sascore` >=10 and `timestamp` > DATE_ADD(now() ,INTERVAL -5 MINUTE) group by clientip ORDER BY INET_ATON(clientip)";
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
    $sql = "SELECT `ipaddress` FROM`ac_blockip` WHERE `ipaddress`= '".$row['clientip']."'";
    $resulttemp = mysql_query($sql);    
    list($r_ipaddress) = mysql_fetch_row($resulttemp);
    mysql_free_result($resulttemp);
    if ($r_ipaddress == $row['clientip']) {
        $sql = "UPDATE ac_blockip SET score=(score + 1),`timeout`=DATE_ADD( now() ,INTERVAL (score*24) HOUR),`status`='B' where ipaddress='".$row['clientip']."'";
        mysql_query($sql,$linkptr);
    } else {
        $sql = "INSERT INTO `ac_blockip`(`ipaddress`, `score`, `timeout`, `status`) VALUES ('".$row['clientip']."',1,DATE_ADD( now() ,INTERVAL 24 HOUR),'B')";
        mysql_query($sql,$linkptr);
    }
}
mysql_free_result($result);

$sql = "UPDATE `ac_blockip` SET `timeout`=0,`status`='R' where `status` = 'B' and `timeout` < now()";
mysql_query($sql,$linkptr);

$sql = "SELECT `ipaddress` FROM `ac_blockip` where status = 'B'";
$result = mysql_query($sql);

$temp = "";
$fh = fopen($accessfile, 'w') or die("can't open file");
while ($row = mysql_fetch_assoc($result)) {
        $temp1 = $row['ipaddress']."\t550 Address invalid\n";
        fwrite($fh, $temp1);
}
fclose($fh);
mysql_free_result($result);

system('/usr/sbin/makemap dbm /etc/mail/access < /etc/mail/access');

?>


[ 發表回應 ] ( 77預覽 )   |  常註連結  |   ( 3 / 1973 )
Mailscanner maillog SQL auto cleanup script 
週二, 七月 12, 2011, 10:20 AM - MailScanner
#!/usr/local/bin/php
<?php
$host = "localhost";
$user = "mailwatch";
$pass = "";
$db = "mailscanner";
$linkptr = mysql_pconnect ($host,$user,$pass);
mysql_select_db($db,$linkptr);


$DATENOW="-3 MONTH";

$QUERY_DELETE="DELETE FROM maillog WHERE timestamp <= DATE_ADD(DATE_FORMAT(NOW(),'%Y-%m-%d'),INTERVAL $DATENOW);";
$QUERY_REPAIR="REPAIR TABLE maillog ";

mysql_query($QUERY_DELETE,$linkptr);
mysql_query($QUERY_REPAIR,$linkptr);

?>


[ 發表回應 ] ( 18預覽 )   |  常註連結  |   ( 3 / 1974 )
Solaris 10 SendMail service modify SMF for MailScanner 
週三, 七月 6, 2011, 04:57 AM - Sendmail, MailScanner, Solaris, Solaris Services
# svcadm disable smtp:sendmail
# cd /lib/svc/method
# cp smtp-sendmail smtp-sendmail.orig
# {Editor} smtp-sendmail <- use your Editor Program.


----------------
Find
----------------
$SENDMAIL $MODE -q$QUEUEOPTION$QUEUEINTERVAL $OPTIONS &  
----------------
Modify
----------------
OPTIONS="-OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in"
$SENDMAIL $MODE -q$QUEUEOPTION$QUEUEINTERVAL $OPTIONS &
----------------
Save
----------------


# svcadm enable smtp:sendmail


[ 發表回應 ] ( 60預覽 )   |  常註連結  |   ( 2.9 / 2090 )

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |