Why not adopt me?

This distribution is up for adoption! If you're interested then please contact the PAUSE module admins via email.

NAME

SyslogScan::Daemon::BlacklistDetector - notice when a mail server has been blacklisted

SYNOPSIS

 plugin SyslogScan::Daemon::BlacklistDetector
	debug		0

 bld_plugin SyslogScan::Daemon::BlacklistDetector::Postfix
	debug		0
	rx_ourIP	127\.0\.0\.1
	logpath		/var/log/mail.log

 bld_plugin SyslogScan::Daemon::BlacklistDetector::EmailNotify
	debug		0
	notify		your@email.here
	renotify_time	7200
	forget_time	3600
	sendfrom	root
	clean_time	1800
	maxkeep		100

DESCRIPTION

SyslogScan::Daemon::BlacklistDetector watches the mail log for SMTP reject messages that indicate that your mail server has been blacklisted by another site.

SyslogScan::Daemon::BlacklistDetector is a plugin for SyslogScan::Daemon. The SYNOPSIS shows the configuration lines you might use in /etc/syslogscand.conf to turn on the blacklist detector.

CONFIGURATION PREFIX

The configuration prefix for plugins for SyslogScan::Daemon::BlacklistDetector is bld_. Use bld_plugin to load plugins.

CONFIGURATION PARAMETERS

SyslogScan::Daemon::BlacklistDetector defines the following configuration parameters which may be given in indented lines that follow plugin SyslogScan::Daemon::BlacklistDetector or with the confuration prefix (bld_) anywhere in the configuration file after the plugin SyslogScan::Daemon::BlacklistDetector line.

debug: (default 0) Turn on debugging.

WRITING PLUGINS

Plugins for SyslogScan::Daemon::BlacklistDetector should subclass SyslogScan::Daemon::BlacklistDetector::Plugin. Except for new() and preconfig(), all of these methods are optional.

SyslogScan::Daemon::BlacklistDetector will invoke the following methods on its plugins:

new()

See notes for plugins for SyslogScan::Daemon.

preconfig()

See notes for plugins for SyslogScan::Daemon.

get_logs()

See notes for plugins for SyslogScan::Daemon.

parse_logs()

Called after one of the regular expressions returned by get_logs() matched a log line. The arguments are the log filename where the match was found and the regular expression that matched. Passed implicitly are the line that was matched ($_) and any of the numbered regular expression submatches ($1, $2, etc).

The return value is a %hash of information. The hash should be completely empty if the log line is not a SMPT rejection.

The following keys are required:

status: This should be deferred for a 4XX rejection and bounced for a 5XX rejection.
logline: This should be the whole log line ($_).
sourceip: The IP address used by the MTA for sending email. This may be unknown.
destdomain: The domain of the recipient that bounced.
to_address: The recipient that bounced.

The return value is the %info hash passed to exactly one of the following: grelisted(), recipient_reject(), sender_reject(), content_reject() realtime_reject(), and blacklisted().

greylisted(%info)

This is called if the logline returned by parse_logs() contatins the word greylisted.

recipient_reject(%info)

This is called if the logline returned by parse_logs() matches a regular expression that indicates that the rejection was due to being sent to a particular recipient.

The regular expression is hard-coded to encourage everyone to share any changes with the author.

sender_reject(%info)

This is called if the logline returned by parse_logs() matches a regular expression that indicates that the rejection was due to being sent from a particular sender.

The regular expression is hard-coded to encourage everyone to share any changes with the author.

content_reject(%info)

This is called if the logline returned by parse_logs() matches a regular expression that indicates that the rejection was due to the content of the message sent.

The regular expression is hard-coded to encourage everyone to share any changes with the author.

realtime_reject(%info)

This is called if the logline returned by parse_logs() matches a regular expression that indicates that the rejection was due to a transitory blacklist.

The regular expression is hard-coded to encourage everyone to share any changes with the author.

blacklisted(%info)

This is called for lines that don't match the regular expressions for grelisted(), realtime_reject(), sender_reject(), or recipient_reject() or content_reject().

periodic()

See notes for plugins for SyslogScan::Daemon.

LICENSE

This module may be used and copied on the same terms as Perl itself.

If you need help writing additional modules for BlacklistDetector.pm, I'm usually available to do so. Inquire for rates.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Why not adopt me?

NAME

SYNOPSIS

DESCRIPTION

CONFIGURATION PREFIX

CONFIGURATION PARAMETERS

WRITING PLUGINS

LICENSE

SEE ALSO

Module Install Instructions