author | Kaz Kylheku <kaz@kylheku.com> | 2014-06-25 13:22:05 -0700 |
---|---|---|
committer | Kaz Kylheku <kaz@kylheku.com> | 2014-06-25 13:22:05 -0700 |
commit | a18be7b8a613125646ba8c7cdfa0309e96ff9412 (patch) | |
tree | 10655f9f99d44781c1364076bda515dfbbc58194 /exim.txr | |
parent | 6f8fe6efc48a90134d972a0b951f3439b9581160 (diff) | |
Summer 2014 update.
* apache.txr: restructuring of matching rules. Some new intruders listed.
Now also checks HTTP response code to detect accesses to nonexistent pages.
Bugfix: was not calling do-expiry.
* txrban.txr: added code at top of @(do) to easily turn off daemonization
and redirect logging to stdout for debugging.
(*extrainfo*): New global hash.
(report): New optional argument to pass extra info.
(get-info): Function to retrieve the list of extra info for an IP address.
(clear): New function to unban an IP and completely clear its access history.
(ban): Use new sh function instead of open-command. Use new backquote
operator ^ instead of '.
(process-histories): When the recent access history is empty, delete
it from *access-hist* rather than keeping an empty list there.
Also delete the *extrainfo* when this happens.
(do-expiry): Use unban function for unbanning.
(unban): New function.
* utils.txr (m): New pattern function for parsing month name.
(self): New variable to hold the script's own name.
(debug): Send output to *stdlog* instead of *stdout*, so
that we now have syslog logging.
* exim.txr: New file.
* ssh.txr: New file.
* startup.sh: New file.
Diffstat (limited to 'exim.txr')
-rw-r--r-- | exim.txr | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/exim.txr b/exim.txr new file mode 100644 index 0000000..46d5cf0 --- /dev/null +++ b/exim.txr @@ -0,0 +1,37 @@ +@(load "txrban") +@(next @(open-tail "/var/log/exim4/rejectlog" "r" nil)) +@(repeat) +@ (block continue) +@ (all) +@(n year)-@(n month)-@(n day) @(n hour):@(n min):@(n sec) @(skip) +@ (and) +@ (cases) +@nil @nil H=@host [@ip] F=<@sender@@@domain> rejected RCPT <@recip@@@rdomain>: @rejreason +@ (next :string rejreason) +@ (cases) +@(skip)(@ip) is listed@(skip) +@ (bind points 0) +@ (or) +host lookup failed@(skip) +@ (bind points 10) +@ (or) +@ (bind points 6) +@ (end) +@ (or) +@nil @nil SMTP protocol synchronization error @(skip)[@ip]@(skip) +@ (bind points 10) +@ (or) +@nil @nil SMTP call from@(skip)[@ip] dropped: too many nonmail@(skip) +@ (bind points 10) +@ (or) +@nil @nil cram_md5_server authenticator failed @(skip)[@ip]@(skip) +@ (bind points 10) +@ (or) +@ (accept continue) +@ (end) +@ (do + (let ((time (make-time year month day hour min sec :auto))) + (report ip time points))) +@ (end) +@ (end) +@(end) |
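Review bot: The `@ip` captures in this hunk (`H=@host [@ip]` and the three `@(skip)[@ip]@(skip)` patterns) are not constrained to an address format, and the `@host` and `@(skip)` in front of them can run over text the remote side supplies, such as the HELO name, so whatever sits between the first `[` and `]` on the line is bound as `ip` and passed to `(report ip time points)`. Constrain the capture to address characters, for example `[@{ip /[0-9A-Fa-f.:]+/}]`, and anchor each pattern on the fixed log text that precedes the bracket rather than on a bare `@(skip)`. The point values (0 for `is listed`, 10 for `host lookup failed`, 6 for any other RCPT rejection) also deserve a comment explaining the weighting, since a 0-point match still reaches `report`.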