SyslogScan::Daemon::SpamDetector - Notice spammers in the log files
plugin SyslogScan::Daemon::SpamDetector as sd_
debug 0
ignoreip /etc/postfix/ourip
SyslogScan::Daemon::SpamDetector is a plugin for SyslogScan::Daemon that watches log files for indications of Spam.
To do it's job it uses additional plugins.
The following configuration parameters are supported:
Debugging on (1) or off (0).
Usually defaulted to the config file for SyslogScan::Daemon.
How big should the message id cache be? This is used by some of the plugins to match up what happens to a message. For example, we need to remember the IP address of that a message came from (SyslogScan::Daemon::SpamDetector::Sendmail or SyslogScan::Daemon::SpamDetector::Postfix) and then later decide if it's spam (SyslogScan::Daemon::SpamDetector::SpamAssassin). Default is 10,000.
A shell command to run when spam is found. In the command, $ip will be substituted for the IP address the message came from. All of the other keys to the %info array (documented blow) are also available as substitutions.
A shell command to run when a non-spam message is found.
A filename that contains a list of IP blocks (one per line) that should be ignored. The blocks are in the format A.B.C.D/bits
Plugins for SyslogScan::Daemon::SpamDetector will either help recognize spam or do something with recognized spam.
Either way, they create or use an <%info> hash that describes an event:
What is being reported? Values are:
The message id. Usually required.
The IP address. This is required unless an idmap established an id -> ip mapping previously in which case an id may be used instead.
The spam score from SpamAssassin. If not reporting SpamAssassin, make something else up.
What kind of match was made. Example values are: spamassassin, spamsink, badaddrs, etc.
Hostname of the system receiving the message.
If you report message ids to outsiders (like, for example if you're using this information to block mail) then don't report the message id this time because it is sensitive information. Optional.
SyslogScan::Daemon::SpamDetector invokes the following methods on it's plugins:
Inherited from SyslogScan::Daemon.
When this is called, $_ will be set to the logfile line that matched. Please leave $_ alone so that other plugins that matched the same line can also use it.
Return () if not providing an %info.
Inherited from SyslogScan::Daemon.
Inherited from SyslogScan::Daemon.
Called when spam is found. Called though Plugins::API.
Called when non-spam is found. Called though Plugins::API.
SyslogScan::Daemon::SpamDetector provides some Plugins::API callbacks:
Calling this is the same as returning %info from parse_logs().
Is this one of our own IP addresses and thus should be ignored? A return of undef doesn't answer but a return of 0 says that the item is not our IP address.
The context for this: SyslogScan::Daemon, Plugins, Plugins::API, Daemon::Generic.
Plugins for this module: SyslogScan::Daemon::SpamDetector::BlockList. SyslogScan::Daemon::SpamDetector::Sendmail, SyslogScan::Daemon::SpamDetector::Postfix, SyslogScan::Daemon::SpamDetector::SpamSink, SyslogScan::Daemon::SpamDetector::SpamAssassin. SyslogScan::Daemon::SpamDetector::Bogofilter. SyslogScan::Daemon::SpamDetector::BadAddr.
If you need high-speed internet services (T1, T3, OC3 etc), please send me your request-for-quote. I have access to very good pricing: you'll save money and get a great service.
Copyright(C) 2006 David Muir Sharnoff <muir@idiom.com>. This module may be used and distributed on the same terms as Perl itself.
