diff syslog2iptables.conf @ 42:d9ae11033b4b stable-1-9

Add default config to firewall systems that send bounces to non-existent accounts. Switch to Mercurial source control. Update spec file for fedora packaging.
author Carl Byington <carl@five-ten-sg.com>
date Fri, 21 Mar 2008 14:02:32 -0700
parents d2ceebcf6595
children 75361069c6ef
--- a/syslog2iptables.conf	Fri Mar 21 08:51:24 2008 +0000
+++ b/syslog2iptables.conf	Fri Mar 21 14:02:32 2008 -0700
@@ -29,16 +29,19 @@
 };
 
 file "/var/log/httpd/access_log" {
+    // of course you cannot use this if you actually use cgi-bin directories
     pattern "(.*) - - .* /cgi-bin" {
         index 1;    // zero based
         bucket 400;
         message "apache cgi-bin reference";
     };
+    // or if you actually have an index2.php script
     pattern "(.*) - - .*/index2.php" {
         index 1;    // zero based
         bucket 400;
         message "apache index2.php reference";
     };
+    // or if you have a main.php script
     pattern "(.*) - - .*/main.php" {
         index 1;    // zero based
         bucket 400;
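Review bot: The added comments warn only about sites that really serve these paths, but the `index2.php` and `main.php` patterns have no space before the slash, so they match that text anywhere in the logged line, not just in the request path. If the access log format records the Referer (not visible here), a visitor arriving from a link on some other site's `/index2.php` page would be counted toward the bucket too. The caveat could say so, e.g. `// or if index2.php can appear anywhere in the logged line, such as the Referer field`. The enclosing `file` block closes outside this hunk.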
@@ -52,6 +55,15 @@
         bucket 200;
         message "sendmail spammer dropping connection";
     };
+
+    // make sure your upstream MX servers are listed in the
+    // ignore block above, otherwise you will kill them off
+    // when they try to forward such mail to you.
+    pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" {
+        index 1;    // zero based
+        bucket 200;
+        message "sendmail rejected bounce";
+    };
 };
 
 //  file "/var/log/messages" {
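Review bot: The new `sendmail rejected bounce` pattern captures the address with a greedy `(.*)` between `\[` and `\]`, so the text handed to the firewall is whatever lies between the chosen `[` and the last `]` on the line. That line also carries remote-influenced text such as the relay host name. If the daemon's regex dialect supports bracket expressions, restricting the capture to address characters is safer: `pattern "sendmail.*from=<>,.*nrcpts=0,.*\[([0-9.]+)\]" {`. The comment could also note that null-sender mail is how every legitimate server sends delivery status notifications, so the ignore block matters for any trusted relay or partner host, not only upstream MX servers. The `ignore` block the comment refers to, and the start of this `file` block, are outside the hunk.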