[exim-conf] Feature request

[Andrey N. Oktyabrski]

У меня вот такое работает. Логи посуточные. То есть, время жизни адреса 
в чёрном списке регулируется количеством анализируемых логов.

$ pcregrep -A4 'Brute force' ANOlizer.awk
### Brute force password recognition ###
/ authenticator failed for \([^[:space:]]+\) \[[[:digit:]\.]+\]/ {
   khost = $8; gsub(/(\[|\]\:)/, "", khost);
   bfrc[khost]++;
}
--
### Brute force password recognition ###
   BFORCE_HOSTS = DBSRC "/bruteforce";
   for (k in bfrc) {
     if (bfrc[k] > BFORCE_LIM) print k ":\t" bfrc[k] > BFORCE_HOSTS;
   }

Подключение:
acl_check_connect:
...
### Bruteforcers goes out immediately ###
# cron: ANOlizer.sh
   defer  hosts           = !+relay_from_hosts
          condition       = ${lookup{$sender_host_address} \
            dbm{DB/bruteforce.db} {yes}{no}}
          log_message     = BFORCE

Запуск анализатора:
$ sudo crontab -l | grep ANOlizer
* * * * *	/usr/pkg/etc/exim/bin/ANOlizer.sh

$ less ANOlizer.sh
#! /bin/sh

LOG='/var/log/exim/mainlog'
ETC='/usr/pkg/etc/exim'
DB='/usr/pkg/etc/exim/db'
BIN='/usr/pkg/etc/exim/bin'
DBSRC='/usr/pkg/etc/exim/src/db'
ZCAT='/bin/zcat'
DBMBUILD='/usr/pkg/sbin/exim_dbmbuild -nolc'

#$ZCAT $LOG.3.gz $LOG.2.gz $LOG.1.gz \
#       | cat - $LOG \
#       | $BIN/ANOlizer.pl

ALL_LOGS=''
LOGS_COUNT=3
while [ x$LOGS_COUNT != x0 ]; do
         LOGS_COUNT=$((LOGS_COUNT - 1))
         [ -f "$LOG.$LOGS_COUNT.gz" ] && ALL_LOGS="$ALL_LOGS 
$LOG.$LOGS_COUNT.gz"
done

$ZCAT $ALL_LOGS \
         | cat - $LOG \
         | $BIN/ANOlizer.awk

for db in disconnect dict_hosts lastmxconnect mh_hosts mh_helo 
bruteforce wh_hosts bad_froms bad_hosts; do
         $DBMBUILD $DBSRC/$db $DB/$db.db >/dev/null
done