From Code to Community: Sponsoring The Perl and Raku Conference 2025 Learn more

 / 
SyslogScan-Daemon-SpamDetector-0.43
River stage zero No dependents
/ SyslogScan::Daemon::SpamDetector::SpamSink

NAME


            

              
              
SyslogScan::Daemon::SpamDetector::SpamSink - notice messages sent to a honeypot

SYNOPSIS


            

              
              
plugin SyslogScan::Daemon::SpamDetector as sd_
sd_plugin SyslogScan::Daemon::SpamDetector::SpamSink
debug 0
logfile /var/log/mail.info

DESCRIPTION

Watch the system log files for message sent to spam honeypots.

It looks for the following kind of message line:


            

              
              
$Date \S+ spamsink: Message-I[dD]: <.*?>

Lines like this can be generate by forwarding mail to a program like:


            

              
              
#!/bin/sh 
perl -e '
       $x = <>; 
       while (<>) { 
               last if /^$/; 
               next unless /^(Message-I[dD]: .*)/; 
               $y = $1; 
       } 
       print "$y\n" 
               if      $x =~ /\@/ 
                       && $y =~ /\@/ 
                       && $x !~ /mailer-daemon/i 
                       && $x !~ /postmaster/ ; 
' | /usr/bin/logger -p mail.info -t spamsink

CONFIGURATION PARAMETERS

The following configuration parameters are supported:

debug

Debugging on (1) or off (0).

logfile

Which logfile to watch (default: /var/log/syslog).

SEE ALSO

SyslogScan::Daemon::SpamDetector

THANK THE AUTHOR

If you need high-speed internet services (T1, T3, OC3 etc), please send me your request-for-quote. I have access to very good pricing: you'll save money and get a great service.

LICENSE

Copyright(C) 2006 David Muir Sharnoff <muir@idiom.com>. This module may be used and distributed on the same terms as Perl itself.