check_auth_log

Introduction

The script could be of help if you use:

• postfix
• and want to set limits on outgoing sasl authenticated email to avoid abuse from stolen credentials

This script will parse a postfix mail log for sasl authentications and record them in a database file under sasl username. If the following limits are exceeded:

1. number of different ips per sasl username
2. number of authentications per sasl username

within given time frame then the sasl username is written to a postfix access file or alternatively executes an mysql query to block access from the user. The program parses the log file incrementally so can be run as a cron job as often as needed without rereading lines already processed. In the case of log rotation, the script notices the changed file and rereads from the start. (Note that the lines in the old log file which were unprocessed at the time of the rotate are not read though).

Usage

Please see USAGE file in the download for details.

Obtaining and installing

Download

Latest version

check_auth_log-1.0.1.tgz

Install

Please see INSTALL file in the download for details.

Contact

john at gufonero.com

Last modified Saturday, 29-Jan-2011 05:42:42 CET