[ossec-list] Re: Postfix rule

["Daniel Cid" <daniel.cid@xxxxxxxxx>]

Hi Jorge,

Great rule! Do you have some log samples for them? I'm just wondering
if the error id for them is "554". I also get a lot of these messages:

"554 Service unavailable; Client host [a.b.c.d] blocked using
sbl-xbl.spamhaus.org;"

And we could reuse them if the error ID is the same...

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/12/06, Jorge Augusto Senger <jorge@xxxxxxxxxxx> wrote:
>
> A postfix rule that I use on my ossec.
> This is very useful for mail servers using black-lists for anti-spam.
>
> postfix_rules.xml
>
> ------------------------------------------------------------------------
>
>   <rule id="6010" level="5">
>     <if_sid>6000</if_sid>
>     <regex>blocked using cbl.abuseat.org</regex>
>     <description>Blocked using cbl </description>
>   </rule>
>   <rule id="6011" level="5">
>     <if_sid>6000</if_sid>
>     <regex>blocked using bl.spamcop.net</regex>
>     <description>Blocked using spamcop </description>
>   </rule>
>   <rule id="6061" level="10" frequency="$POSTFIX_FREQ" timeframe="45">
>     <if_matched_sid>6011</if_matched_sid>
>     <same_source_ip />
>     <description>IP address black-listed (spamcop).</description>
>   </rule>
>
> ------------------------------------------------------------------------
>
>
> Jorge
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---