[Gross] Excellent program [ feature requests ]
Justin Piszcz
jpiszcz at lucidpixels.com
Sun Oct 26 02:16:09 EEST 2008
On Sat, 25 Oct 2008, Justin Piszcz wrote:
> For RHSBL checks, can we implement the following:
> - client rhsbl checks (hostname of client)
> - helo rhsbl checks (what the client says the helo=)
> - sender rhsbl checks (I assume this is what it does by default)
>
> Similar to the following in postfix:
> - reject_rhsbl_helo
> - reject_rhsbl_client
>
> # 'block_threshold' is the threshold after which grossd sends
> # a permanent error to the client. Every check that considers client_ip
> # as suspicious returns a value (check weight). When sum of these
> # values gets equivalent or greater than 'block_threshold', grossd
> # sends a STATUS_BLOCK response. Default is 0, which disables
> # this functionality.
> # DEFAULT: block_threshold = 0
> block_threshold = 4
> - Would it be possible to block if in more than X number of RBLs as well,
> regardless of the score?
>
>
Also could be a combination of RBL+RHSBL hits.
Oct 25 19:14:38 p34 postfix/smtpd[16101]: connect from
unknown[123.69.100.47]
Oct 25 19:14:40 p34 grossd: #4123f950: a=block d=114 w=4 c=123.69.100.47
s=dyr57yur54f at huashanfu.com r=jpiszcz at lucidpixels.com h=huashanfu.com
m=cbl.abuseat.org+1 m=b.barracudacentral.org+3
Would it be possible also to set the prefix to postfix/grossd or have it
user-customizable without having to change the source? Its nice to have
the output line-up :)
Justin.
More information about the Gross
mailing list