Comments on Blocking of international spam botnets with a Postfix plugin
This article contains an analysis of and a solution for blocking international SPAM botnets on Postfix mail servers by using a postfwd plugin which analyses the SASL connections by country.
17 Comment(s)
Comments
1. Where to add those credentials? 2. Do you need to load any .sql into into the database or will the tool created tables?
Currently there is no configuration file, so you must place it right into the plugin file.
Thank you very much for this and all other posts. Truly, Howtoforge has the best of the best *nix How-Tos on the internet. Their quality is exceptional!
I figured that out meanwhile... but it seems no database tables are created (and hence nothing is filled). Do I need to create the tables manually?
Database tables are created automatically if they do not already exist. This looks like a problem in the database connection, user rights or something else. I think you will find more information in your database log, or in the plugin log in /tmp/postfwd_plugin.log.
In Ubuntu Xenial postfwd listens on port 10040 instead of 12525.
SaludOS/2
Thank you for the feedback, yes, the default port is 10040.
ondrej, thank you for your great post :)
I have one question: our mail server is behind another one, i.e. the messages sent to our domain are first received by another mail server that, in turn, sends them to us.
In this scenario, is postfwd useful for us? (The real question is whether it needs to contact the compromised machines directly.)
thanks in advance :)
g
I think not.
Postfwd is reading client IP address and username to which the client is connecting, so you wouldn't see the headers with original IP address and account to which it is connecting.
Great work!
Thanks for this!
Can you provide the bash script used to analyse the behaviour of a compromised account?
I don't remember it 100%, but it was a simple one-liner, something like the code below but piped into a GeoIP CLI tool I think.
grep 'rule=<RULE_NUMBER>.*queue=' /var/log/mail.log.1 | grep 'user=<USER>' | awk -F, '{print $4" "$5" "$6" "$8}' | sort | uniq -c | sort -n
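The analysis the one-liner above performs, carried out over Postfix smtpd SASL log lines as an added example (not the plugin's or the commenter's code): the log lines and the IP-to-country table are constructed stand-ins for real logs and a GeoIP lookup, and the per-user country threshold is an assumed parameter.

```python
"""Count the countries each SASL user authenticates from and flag users
whose logins span more countries than an allowed limit (the signal the
plugin described in the article uses to spot a compromised account)."""
import re
from collections import defaultdict

# Constructed sample Postfix smtpd lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtpd[1234]: ABC123: client=unknown[203.0.113.5], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 10:00:05 mx postfix/smtpd[1234]: ABC124: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 10:00:09 mx postfix/smtpd[1234]: ABC125: client=unknown[192.0.2.9], sasl_method=LOGIN, sasl_username=alice@example.com
Jan 10 10:00:12 mx postfix/smtpd[1234]: ABC126: client=unknown[203.0.113.6], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 10:01:00 mx postfix/smtpd[1234]: ABC127: client=unknown[203.0.113.50], sasl_method=PLAIN, sasl_username=bob@example.com
Jan 10 10:02:00 mx postfix/smtpd[1234]: ABC128: client=unknown[203.0.113.51], sasl_method=PLAIN, sasl_username=bob@example.com
Jan 10 10:02:30 mx postfix/smtpd[1234]: disconnect from unknown[203.0.113.51]
"""

# Constructed IP -> country table standing in for a GeoIP lookup (hypothetical data).
GEOIP = {
    "203.0.113.5": "SK", "203.0.113.6": "SK", "203.0.113.50": "SK", "203.0.113.51": "SK",
    "198.51.100.7": "US", "192.0.2.9": "BR",
}

# Matches the client IP in brackets and the authenticated SASL username.
LINE_RE = re.compile(r"client=\S*?\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>\S+)")


def countries_per_user(log_text, geoip):
    """Map each SASL user to the set of countries their logins came from."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authenticated connection line (e.g. disconnect)
        country = geoip.get(m.group("ip"), "??")  # unknown IPs still count once
        seen[m.group("user")].add(country)
    return seen


def flag_suspicious(seen, max_countries):
    """Return users who logged in from more countries than max_countries."""
    return sorted(user for user, countries in seen.items() if len(countries) > max_countries)


if __name__ == "__main__":
    per_user = countries_per_user(SAMPLE_LOG, GEOIP)
    for user in flag_suspicious(per_user, max_countries=2):
        print(user, sorted(per_user[user]))
```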
It works on Debian 8, but I haven't had any luck on Debian 9. I've followed your guidelines as well as the ones on GitHub with no luck. It's just a pity that such a useful piece of software is going to die... (I wish I had the skills to maintain it.)
We were able to solve this issue on GitHub.
I recommend everybody to submit issues there or contact me directly at my mail address written on GitHub.
For anybody wondering, this plugin was and still is maintained by me.
Since this blog was released, it was updated and improved many times and is much simpler to use.
Just follow it at main GitHub repository ( https://github.com/Vnet-as/postfwd-anti-geoip-spam-plugin), open issues, write me a message if you have any problems.
Cheers.
I can confirm against my previous comment that everything works perfectly.
Hi,
I follow your comments with excitement. I've done all of the things described here. Am I wrong with MySQL?
Update the database connection. This example shows the MySQL configuration.
# my $driver = "pmg";
my $driver = "mysql";
my $database = "test";
my $host = "127.0.0.1";
my $port = "3306";
# my $port = "5432";
my $dsn = "DBI:$driver:database=$database;host=$host;port=$port";
my $userid = "rootuser";
my $password = "rootpassword";
Hi, has anyone had trouble following this tutorial, especially with the database?