[Pool] Prevent packet storm

G.W. Haywood ged at jubileegroup.co.uk
Fri Mar 25 10:00:56 UTC 2011


Hi there,

On Thu, 24 Mar 2011, der Mouse wrote:

> >> Could something like the system that keeps track of pool server
> >> quality be setup to collect data on abusive clients?
> >
> > I'd like to see it happen, but personally I don't have any time to
> > build it.
>
> I do have the time to build it, at least an initial proof-of-concept

If it's of any use, we have something very vaguely similar which we've
scripted for our mail clients.  We use syslog-ng to pipe our mail logs
through a Perl script, which uses ipsets and iptables to block abusive
mail clients on the fly according to a set of rules.  The rules and
results of their application are stored in a MySQL database, and can
also be logged to text files.  There's a white/green/grey/blacklist
facility, also using tables in the database, which is fairly flexible.
It uses an IP to country map for some of the blacklisting and logging.
The database tables holding blacklists etc. are maintained manually.
The syslog-ng configuration is trivial, the script is about 800 lines
of easy Perl.  There are something like 15 database tables.  You would
probably want to trim a lot of bloat, quite a chunk of the code would
be of no use because it concerns the comparison of strings in mail log
output with those in the various lists, but the essential functionality
is there.  It's been running on our fairly lightly loaded mail servers
for some years, and to date has blocked about 70,000 abusive ip ranges.
There's negligible load on the servers from all this.

If you think it might save you any time, you're welcome to it.  There
are of course no guarantees expressed or implied. :)

> ... is this list an appropriate place ... ?

FWIW I'd like to read the discussion.  This is normally a quiet list. :)

--

73,
Ged.


More information about the pool mailing list