(how-to) enhance greylist power

nicola.piazzi
Posts: 268
Joined: 23 Apr 2015 09:45


Post by nicola.piazzi » 09 Apr 2019 09:12

This script is very fast and can be put in crontab -e with a single line like this:
* * * * * /batch/greyspam.sh

Put it into the batch folder; every minute it takes the classc of the last minute's spam and removes it from the SQLgrey AWL, so spammers must redo the greylist process.
It removes the line only if no ham was found from that classc in recent hours.

#!/bin/bash
# greyspam.sh
# -----------
#
# This script is useful to remove awl records from greylist of servers that made spam recently
# so they need to redo greylist process
# SQLgrey must be configured as classc
# Put in crontab a line like this to run every 1 minute
# * * * * * /batch/greyspam.sh

# Parameters
ROOTPWD=$(grep MYSQLROOTPWD /etc/EFA-Config | sed 's/.*://')
VSCORESPAM=10 # Search for IP that have more than VSCORESPAM score
VMINSPAM=1 # In the last VMINSPAM minutes
VSCOREHAM=6 # But exclude if the ip sent message that have less than VSCOREHAM
VMINHAM=600 # In the last VMINHAM minutes
VLOGFILE=/batch/greyspam.log # Logfile

# Note: the -p<password> form used below is visible to other local users in the
# process list while each mysql call runs; a --defaults-extra-file would avoid that.

# Date & Time
NOW=$(date +"%m-%d-%Y %r")
start=$(date +%s.%N)

# Touching log file
touch "$VLOGFILE"

# Main selection query from table mailscanner get recent spam
S1="SELECT clientip \
FROM mailscanner.maillog \
WHERE timestamp > DATE_SUB(now(), INTERVAL $VMINSPAM MINUTE) \
AND spamwhitelisted = 0 \
AND clientip NOT LIKE '10.%' \
AND clientip NOT LIKE '192.168.%' \
AND sascore > $VSCORESPAM \
GROUP BY clientip;"

f=0;ff=0
# One array element per client IP returned by S1
res1=($(mysql -N -u root -p${ROOTPWD} -e "${S1}"))
cnt=${#res1[@]}
for (( i=0 ; i<${cnt} ; i++ ))
do
ipspam=${res1[$i]}          # index the array; a bare ${res1} is only element 0
ipclassc=${ipspam%.*}       # strip the last octet: 203.0.113.7 -> 203.0.113
#echo ""; echo "Found line " $i " Ip: " $ipspam " Classc: " $ipclassc
# Find if this classc made some recent ham
# The trailing dot after $ipclassc keeps '1.2.3' from matching 1.2.30.x or 1.2.31.x
S2="SELECT clientip \
FROM mailscanner.maillog \
WHERE timestamp > DATE_SUB(now(), INTERVAL $VMINHAM MINUTE) \
AND clientip LIKE '$ipclassc.%' \
AND sascore < $VSCOREHAM \
GROUP BY clientip;"
res2=$(mysql -N -u root -p$ROOTPWD -se "$S2")
let "f++"
if [[ -z "$res2" ]] ; then
let "ff++"
echo "Not found ham so remove SQLgrey classc $ipclassc from SQLGrey awl" >> "$VLOGFILE"
# SQLgrey in classc mode stores the three-octet prefix in src, so an exact match is enough
S3="DELETE \
FROM sqlgrey.domain_awl \
WHERE src = '$ipclassc';"
res3=$(mysql -N -u root -p$ROOTPWD -se "$S3")
S4="DELETE \
FROM sqlgrey.from_awl \
WHERE src = '$ipclassc';"
res4=$(mysql -N -u root -p$ROOTPWD -se "$S4")
fi
done


# Logging
end=$(date +%s.%N)
runtime="$(bc <<<"$end-$start")"
echo "$NOW $f spam ip in last $VMINSPAM minute, $ff with no ham in last $VMINHAM removed from SQLGrey awl , time elapsed: $runtime sec." >> "$VLOGFILE"

# Truncating logfile
tail -n 500 "$VLOGFILE" > "$VLOGFILE.tmp"
mv "$VLOGFILE.tmp" "$VLOGFILE"
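
An offline model of the decision the script makes, added here as an example and not part of the poster's code: constructed maillog rows (age in minutes, client IP, SpamAssassin score) stand in for the two MySQL queries, and the classc comparison is made on the full three-octet prefix, so a row from 192.0.20.8 is not counted as ham for 192.0.2 (a plain prefix match such as LIKE '192.0.2%' would count it and wrongly keep that AWL entry).

```shell
#!/bin/sh
# Pure-shell simulation of greyspam.sh: which classc prefixes would be dropped from the AWL.
# Thresholds mirror the script's defaults; the rows below are constructed, not real traffic.
VSCORESPAM=10
VSCOREHAM=6

# "<minutes_ago> <clientip> <sascore>", one row per delivered message (constructed sample)
SAMPLE_LOG='1 203.0.113.7 15
1 198.51.100.9 22
30 198.51.100.40 2
1 192.0.2.5 12
5 192.0.20.8 1
1 10.0.0.4 30'

classc_of() { echo "${1%.*}"; }   # 203.0.113.7 -> 203.0.113

# True if any row from the same classc within $2 minutes scored below VSCOREHAM (ham seen)
has_recent_ham() {
  prefix="$1"; minutes="$2"
  echo "$SAMPLE_LOG" | while read -r age ip score; do
    [ "$age" -le "$minutes" ] || continue
    [ "$(classc_of "$ip")" = "$prefix" ] || continue   # exact classc, not a string prefix
    [ "$score" -lt "$VSCOREHAM" ] && { echo yes; break; }
  done | grep -q yes
}

# Print the classc prefixes to remove: spam in the last $1 minutes, no ham in the last $2,
# skipping the private ranges the script's S1 query excludes
awl_removals() {
  spam_min="$1"; ham_min="$2"
  echo "$SAMPLE_LOG" | while read -r age ip score; do
    [ "$age" -le "$spam_min" ] || continue
    [ "$score" -gt "$VSCORESPAM" ] || continue
    case "$ip" in 10.*|192.168.*) continue ;; esac
    p=$(classc_of "$ip")
    has_recent_ham "$p" "$ham_min" || echo "$p"
  done | sort -u
}

awl_removals 1 600   # 192.0.2 and 203.0.113; 198.51.100 is kept because of its ham row
```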
