FUT, that's what I'd mutter when yet another blast of SPAM for email addresses that didn't exist was delivered to my MTA. Then I heard Merlyn give his "You had me at HELO" talk. Great solution: monitor mail logs, and when a spammer tries to send email to a non-existent address at your site, slam the IP door shut on the session. The only problem was, he uses BSD and pf, while I run Linux systems with netfilter/IPTables.

I set out to see if I could implement what he described. With a few digressions, like making the program handle arbitrary events like bogus SSH login attempts, I implemented a program that will monitor logs for email, ssh access, or whatever you define watching for unwanted activity - like an attempt to deliver email to a non-existent user - and create a temporary iptables rule to block access from the miscreant that is trying to abuse your system.

FUT is that program. If you run Linux systems and want to slam the IP door on miscreants (scum) who are abusing your system, it may be of interest.

All feedback, pointers to needed code improvement, and patches appreciated.

Ahem, especially pointers for needed code improvement. There's a memory leak and that's no good for something intended to run as a daemon.

Be Appropriate && Follow Your Curiosity
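
The log-watching idea described in the post, as an added sketch that is not FUT's code or anything from the original post: it matches constructed Postfix and sshd lines, counts hits per source address, and prints the `iptables` commands for a temporary block instead of running them. The event table, log patterns, allowlist and one-hour lifetime are all assumptions.

```perl
use strict;
use warnings;

my $ip  = qr/(\d{1,3}(?:\.\d{1,3}){3})/;       # captures a candidate IPv4 address
my $pre = qr/^\w{3} +\d+ [\d:]{8} \S+ /;        # syslog timestamp and host, anchored at line start
# Hypothetical event table: pattern capturing the source IP, hits needed before blocking.
my @events = (
    { name => 'smtp-unknown-user', hits => 1,
      re   => qr/${pre}postfix\/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[$ip\]: 550 .*User unknown/ },
    # Anchored at both ends: the user name is remote-supplied text and may itself contain " from <ip> port <n>".
    { name => 'ssh-invalid-user', hits => 3,
      re   => qr/${pre}sshd\[\d+\]: Failed password for invalid user .* from $ip port \d+ ssh2$/ },
);
my %never_block = map { $_ => 1 } qw(127.0.0.1 192.0.2.10);   # own addresses (constructed)
my $block_secs  = 3600;                                        # lifetime of a temporary rule (assumed)
my (%hits, %expires);
# Argument list for one rule; a list (not a shell string) keeps log text away from a shell.
sub rule { my ($op, $addr) = @_; return [ 'iptables', $op, 'INPUT', '-s', $addr, '-j', 'DROP' ] }

# Feed one log line and the current time; returns the iptables commands that are now due.
sub process_line {
    my ($line, $now) = @_;
    my @cmds;
    for my $addr (grep { $expires{$_} <= $now } keys %expires) {
        push @cmds, rule('-D', $addr);            # the block was temporary: remove it
        delete $expires{$addr};
    }
    for my $ev (@events) {
        my ($addr) = $line =~ $ev->{re} or next;
        next if grep { $_ > 255 } split /\./, $addr;          # not a real IPv4 address
        next if $never_block{$addr} || $expires{$addr};       # allowlisted or already blocked
        next if ++$hits{"$ev->{name} $addr"} < $ev->{hits};   # below this event's threshold
        delete $hits{"$ev->{name} $addr"};
        $expires{$addr} = $now + $block_secs;
        push @cmds, rule('-I', $addr);
    }
    return @cmds;
}

# Driver: the lines after __DATA__ are constructed samples using documentation addresses.
my $now = 1_700_000_000;
while (my $line = <DATA>) {
    print join(' ', @$_), "\n" for process_line($line, $now++);
}
__DATA__
Mar  3 10:00:01 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:02 mx sshd[999]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Mar  3 10:00:03 mx sshd[999]: Failed password for invalid user x from 192.0.2.10 port 1 from 198.51.100.7 port 40002 ssh2
Mar  3 10:00:04 mx sshd[999]: Failed password for invalid user root2 from 198.51.100.7 port 40003 ssh2
```

The third sample line carries a user name that embeds an allowlisted address; because the sshd pattern is anchored to the end of the line, the hit is still counted against the real peer address.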

In reply to FUT - Change IPtables rules based on log messages by mikeraz
