SyslogScan::Daemon::SpamDetector
Notice spammers in the log files


NAME


 SyslogScan::Daemon::SpamDetector - Notice spammers in the log files


SYNOPSIS


 plugin SyslogScan::Daemon::SpamDetector as sd_

        debug           0

        ignoreip        /etc/postfix/ourip


DESCRIPTION

SyslogScan::Daemon::SpamDetector is a plugin for the SyslogScan::Daemon manpage that watches log files for indications of Spam.

To do its job it uses additional plugins.


CONFIGURATION PARAMETERS

The following configuration parameters are supported:

debug
Debugging on (1) or off (0).

configfile
Usually defaulted to the config file for SyslogScan::Daemon.

idcachesize
How big should the message id cache be? This is used by some of the plugins to match up what happens to a message. For example, we need to remember the IP address that a message came from (the SyslogScan::Daemon::SpamDetector::Sendmail manpage or the SyslogScan::Daemon::SpamDetector::Postfix manpage) and then later decide if it's spam (the SyslogScan::Daemon::SpamDetector::SpamAssassin manpage). Default is 10,000.

spam_command
A shell command to run when spam is found. In the command, $ip will be replaced with the IP address the message came from. All of the other keys of the %info hash (documented below) are also available as substitutions.

ham_command
A shell command to run when a non-spam message is found.

ignoreip
A filename that contains a list of IP blocks (one per line) that should be ignored. The blocks are in the format A.B.C.D/bits.


WRITING PLUGINS

Plugins for SyslogScan::Daemon::SpamDetector will either help recognize spam or do something with recognized spam.

Either way, they create or use an %info hash that describes an event:

status
What is being reported? Values are:

    spam
    A spammy message has been found.

    ham
    A non-spam message has been found.

    idmap
    A message has come in, establish a mapping from the id to the ip.

id
The message id. Usually required.

ip
The IP address. This is required unless an idmap established an id -> ip mapping previously in which case an id may be used instead.

score
The spam score from SpamAssassin. If not reporting SpamAssassin, make something else up.

match
What kind of match was made. Example values are: spamassassin, spamsink, badaddrs, etc.

host
Hostname of the system receiving the message.

hideid
If you report message ids to outsiders (for example, if you're using this information to block mail), then don't report the message id this time because it is sensitive information. Optional.

SyslogScan::Daemon::SpamDetector invokes the following methods on its plugins:

@logs = get_logs()
Inherited from the SyslogScan::Daemon manpage.

%info = parse_logs($logfile, $regex_matched)
When this is called, $_ will be set to the logfile line that matched. Please leave $_ alone so that other plugins that matched the same line can also use it.

Return () if not providing an %info.

preconfig($configfile)
Inherited from the SyslogScan::Daemon manpage.

periodic()
Inherited from the SyslogScan::Daemon manpage.

spam_found(%info)
Called when spam is found. Called through the Plugins::API manpage.

ham_found(%info)
Called when non-spam is found. Called through the Plugins::API manpage.
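
The parse_logs() contract described above, as an added example that is not code from this module or its author. It reads $_ without changing it, returns () when it has nothing to report, and only lets a well-formed IPv4 address into %info, since %info values are later substituted into spam_command. The package name, the log line format and the driver loop standing in for the daemon are assumptions; a real plugin would also supply get_logs() as the SyslogScan::Daemon manpage describes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package Example::SpamPlugin;    # hypothetical name, not a real plugin

# Assumed (constructed) log format:
#   "<host> filter[pid]: id=<id> client=<ip>"
#   "<host> filter[pid]: id=<id> verdict=spam|ham score=<n>"
my $OCTET = qr/(?:25[0-5]|2[0-4]\d|1?\d?\d)/;
my $IPV4  = qr/(?:$OCTET\.){3}$OCTET/;

sub new { return bless {}, shift }

sub parse_logs {
    my ($self, $logfile, $regex_matched) = @_;
    # $_ holds the matched line: match against it, never assign or s/// it.
    my ($host) = /^(\S+) filter\[\d+\]: /
        or return ();
    if (/ id=([A-Za-z0-9]+) client=(\S+)$/) {
        my ($id, $ip) = ($1, $2);
        # Drop the event unless the address is strictly well formed.
        return () unless $ip =~ /\A$IPV4\z/;
        return (status => 'idmap', id => $id, ip => $ip, host => $host);
    }
    if (/ id=([A-Za-z0-9]+) verdict=(spam|ham) score=(-?\d+(?:\.\d+)?)$/) {
        # No ip key: the earlier idmap event supplied the id -> ip mapping.
        return (status => $2, id => $1, score => $3,
                match => 'examplefilter', host => $host);
    }
    return ();
}

package main;

my $plugin = Example::SpamPlugin->new;
my @lines = (    # constructed sample lines
    'mx1 filter[101]: id=A1B2C3 client=192.0.2.15',
    'mx1 filter[101]: id=A1B2C3 verdict=spam score=12.4',
    'mx1 filter[102]: id=D4E5F6 client=192.0.2.300',    # malformed address
    'mx1 other[7]: unrelated line',
);
for (@lines) {
    my $before = $_;
    my %info = $plugin->parse_logs('/var/log/mail.log', undef);
    die "plugin modified \$_\n" unless $_ eq $before;
    my $out = %info
        ? join(' ', map { "$_=$info{$_}" } sort keys %info)
        : '(no event)';
    print "$out\n";
}
```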

SyslogScan::Daemon::SpamDetector provides some Plugins::API callbacks (see the Plugins::API manpage):

process_spam_match(%info)
Calling this is the same as returning %info from parse_logs().

is_ourip($ip_address)
Is this one of our own IP addresses and thus should be ignored? A return of undef doesn't answer but a return of 0 says that the item is not our IP address.


SEE ALSO

The context for this: the SyslogScan::Daemon manpage, Plugins, the Plugins::API manpage, the Daemon::Generic manpage.

Plugins for this module: the SyslogScan::Daemon::SpamDetector::BlockList manpage, the SyslogScan::Daemon::SpamDetector::Sendmail manpage, the SyslogScan::Daemon::SpamDetector::Postfix manpage, the SyslogScan::Daemon::SpamDetector::SpamSink manpage, the SyslogScan::Daemon::SpamDetector::SpamAssassin manpage, the SyslogScan::Daemon::SpamDetector::Bogofilter manpage, the SyslogScan::Daemon::SpamDetector::BadAddr manpage.


THANK THE AUTHOR

If you need high-speed internet services (T1, T3, OC3 etc), please send me your request-for-quote. I have access to very good pricing: you'll save money and get a great service.


LICENSE

Copyright(C) 2006 David Muir Sharnoff <muir@idiom.com>. This module may be used and distributed on the same terms as Perl itself.
