NAME
SyslogScan::Daemon::BlacklistDetector - notice when a mail server has been blacklisted
SYNOPSIS
plugin SyslogScan::Daemon::BlacklistDetector
debug 0
bld_plugin SyslogScan::Daemon::BlacklistDetector::Postfix
debug 0
rx_ourIP 127\.0\.0\.1
logpath /var/log/mail.log
bld_plugin SyslogScan::Daemon::BlacklistDetector::EmailNotify
debug 0
notify your@email.here
renotify_time 7200
forget_time 3600
sendfrom root
clean_time 1800
maxkeep 100
DESCRIPTION
SyslogScan::Daemon::BlacklistDetector watches the mail log for SMTP
reject messages that indicate that your mail server has been blacklisted
by another site.
SyslogScan::Daemon::BlacklistDetector is a plugin for
SyslogScan::Daemon. The SYNOPSIS shows the configuration lines you might
use in "/etc/syslogscand.conf" to turn on the blacklist detector.
CONFIGURATION PREFIX
The configuration prefix for plugins for
SyslogScan::Daemon::BlacklistDetector is "bld_". Use "bld_plugin" to
load plugins.
CONFIGURATION PARAMETERS
SyslogScan::Daemon::BlacklistDetector defines the following
configuration parameters which may be given in indented lines that
follow "plugin SyslogScan::Daemon::BlacklistDetector" or with the
confuration prefix ("bld_") anywhere in the configuration file after the
"plugin SyslogScan::Daemon::BlacklistDetector" line.
debug (default 0) Turn on debugging.
WRITING PLUGINS
Plugins for SyslogScan::Daemon::BlacklistDetector should subclass
"SyslogScan::Daemon::BlacklistDetector::Plugin". Except for "new()" and
"preconfig()", all of these methods are optional.
SyslogScan::Daemon::BlacklistDetector will invoke the following methods
on its plugins:
new() See notes for plugins for SyslogScan::Daemon.
preconfig() See notes for plugins for SyslogScan::Daemon.
get_logs() See notes for plugins for SyslogScan::Daemon.
parse_logs() Called after one of the regular expressions returned by
"get_logs()" matched a log line. The arguments are the
log filename where the match was found and the regular
expression that matched. Passed implicitly are the line
that was matched ($_) and any of the numbered regular
expression submatches ($1, $2, etc).
The return value is a %hash of information. The hash
should be completely empty if the log line is not a SMPT
rejection.
The following keys are required:
status This should be "deferred" for a 4XX
rejection and "bounced" for a 5XX
rejection.
logline This should be the whole log line ($_).
sourceip The IP address used by the MTA for sending
email. This may be "unknown".
destdomain The domain of the recipient that bounced.
to_address The recipient that bounced.
The return value is the %info hash passed to exactly one
of the following: "grelisted()", "recipient_reject()",
"sender_reject()", "content_reject()"
"realtime_reject()", and "blacklisted()".
greylisted(%info)
This is called if the "logline" returned by
"parse_logs()" contatins the word "greylisted".
recipient_reject(%info)
This is called if the "logline" returned by
"parse_logs()" matches a regular expression that
indicates that the rejection was due to being sent to a
particular recipient.
The regular expression is hard-coded to encourage
everyone to share any changes with the author.
sender_reject(%info)
This is called if the "logline" returned by
"parse_logs()" matches a regular expression that
indicates that the rejection was due to being sent from a
particular sender.
The regular expression is hard-coded to encourage
everyone to share any changes with the author.
content_reject(%info)
This is called if the "logline" returned by
"parse_logs()" matches a regular expression that
indicates that the rejection was due to the content of
the message sent.
The regular expression is hard-coded to encourage
everyone to share any changes with the author.
realtime_reject(%info)
This is called if the "logline" returned by
"parse_logs()" matches a regular expression that
indicates that the rejection was due to a transitory
blacklist.
The regular expression is hard-coded to encourage
everyone to share any changes with the author.
blacklisted(%info)
This is called for lines that don't match the regular
expressions for "grelisted()", "realtime_reject()",
"sender_reject()", or "recipient_reject()" or
"content_reject()".
periodic() See notes for plugins for SyslogScan::Daemon.
LICENSE
Copyright (C) 2006, David Muir Sharnoff <muir@idiom.com>
This module may be used and copied on the same terms as Perl itself.
If you need help writing additional modules for BlacklistDetector.pm,
I'm usually available to do so. Inquire for rates.
SEE ALSO
The context for the blacklist detector: SyslogScan::Daemon, Plugins,
Plugins::API.
Plugins for the blacklist detector:
SyslogScan::Daemon::BlacklistDetector::Postfix,
SyslogScan::Daemon::BlacklistDetector::EmailNotify.