diff syslog2iptables.conf.top @ 81:cc01f2caff37 stable-1-0-19

add error_log to the httpd files
author Carl Byington <carl@five-ten-sg.com>
date Sun, 11 Feb 2024 12:04:13 -0800
parents ae5e6bcc5017
children
--- a/syslog2iptables.conf.top	Wed Jul 15 14:29:47 2020 -0700
+++ b/syslog2iptables.conf.top	Sun Feb 11 12:04:13 2024 -0800
@@ -1,3 +1,16 @@
+context monitor2 {
+    threshold 150;
+    add_command "echo 'rate limit exceeded' | mail -s 'rate limit exceeded' carl@five-ten-sg.com";
+    remove_command "true";
+    file "/var/log/maillog" {
+        pattern "milter=dnsbl, .* reject=550 (.*) (unique|recipient) .* limit exceeded" {
+            index 1;    // zero based
+            bucket 100;
+            message "rate limit exceeded";
+        };
+    };
+};
+
 context general {
     threshold 550;
 
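Review bot: The new `monitor2` context has no comment saying that it is alert-only, which is not obvious on first reading: `remove_command "true"` is a no-op and `add_command` only pipes a fixed string to `mail`. I would add a line above it such as `// monitor2: mail an alert when dnsbl rate limits are hit; no firewall change is made here`. Subject and body are both the constant 'rate limit exceeded', so the recipient cannot tell which host or which matched key triggered the alert; if the command syntax has no substitution for the key (not visible in this hunk), at least put the host name into the fixed text. With `bucket 100` against `threshold 150` the second match already appears to fire the command, which is worth stating in the comment if that is intended.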
@@ -6,6 +19,23 @@
 
     ignore {
         127.0.0.0/8;        // localhost
+        192.168.0.0/16;     // internal networks
+        172.102.240.82/30;  // 510sg data center
+        172.102.240.42/30;  // 510sg data center
+        216.86.213.0/24;    // mbmg
+        104.53.80.243/32;   // davd att
+        75.140.46.51/32;    // davd spectrum
+        67.227.199.34/32;   // routerdog
+        67.227.199.43/32;   // routerdog
+        69.167.152.113/32;  // routerdog
+        69.167.152.152/32;  // routerdog
+        209.59.129.6/32;    // routerdog
+        205.139.110.0/24;   // mimecast probing smtp banners
+        207.211.31.0/24;    // mimecast probing smtp banners
+        216.205.24.0/24;    // mimecast probing smtp banners
+        63.128.21.0/24;     // mimecast probing smtp banners
+        146.101.78.0/24;    // mimecast probing smtp banners
+        207.82.80.0/24;     // mimecast probing smtp banners
     };
 
     file "/var/log/secure" {
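Review bot: The two `/30` entries, `172.102.240.82/30` and `172.102.240.42/30`, have host bits set, so they are not network addresses; the blocks they fall in are `172.102.240.80/30` and `172.102.240.40/30`. Whether the parser masks the base address is not visible here, so writing the network address (or `/32` if a single host was meant) avoids an entry that silently fails to match. Separately, the `ignore` list sits in `context general` and so appears to exempt these ranges from every pattern in that context, including the `/var/log/secure` ones. That gives the third-party `/24` ranges commented as smtp banner probing, and all of `192.168.0.0/16`, a wider exemption than the comments justify. The `context general` block continues outside the hunk.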
@@ -67,6 +97,11 @@
             bucket 400;
             message "kernel firewall blocked packet";
         };
+        pattern "named.* (.*)#.*denied$" {
+            index 1;    // zero based
+            bucket 100;
+            message "dns query denied";
+        };
     };
 
     file "/var/log/maillog" {
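Review bot: The capture in `named.* (.*)#.*denied$` is a greedy `(.*)` with nothing restricting it to an address, while a named 'denied' line also carries the query name, which the remote client chooses. Restricting the group to address characters, e.g. `named.* ([0-9a-fA-F.:]+)#.*denied$`, ensures the counted key can only be an address (assuming the pattern engine accepts bracket expressions, which this hunk does not show). Denied queries also commonly arrive over UDP, where the source address is not verified, so counting them toward a block can get an unrelated address blocked; the ignore list and the bucket weight are the controls available here. The same loose `(.*)` capture is used by the `monitor2` pattern in the first hunk. The enclosing `file` block starts outside this hunk.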