spamGuard 1.9 README --------------------------------------- Nearly all of today's mail system administrators face spam as their first threat. Because of this, EnderUNIX team has written this small application to automagically monitor malicious spammer activity in your mail server logs. spamGuard is written purely in C, to stop spammers hanging around. The program supports nearly all mostly used MTAs; qmail (qSheff, multilog, and splogger), sendmail, Postfix and Exim. Rationale: ---------- 1. spamGuard is fired via crontab within fixed intervals. 2. spamGuard scans the accumulated maillog and finds the amount of mails users sent. 3. spamGuard loads its ignore list from its ignore file and badmailfiles files(badmailfrom in qmail and access for sendmail). 4. users whose mail count exceeds the configured threshold value(there are three different values: warning, block and paranoid) are treated as spammers. They are added to mailers' badmail file (spammer blacklist files). 5. Notification mails are sent to sysadmins about spammer activity, if present. 6. (For sendmail version, a hash database of access file is created). spamGuard can process a 85 MB log file in less then 10 seconds. Tested on: FreeBSD 4-STABLE Solaris 2.7-Sparc Solaris 9-Sparc Slackware Linux 8.0 RedHat 9, Digital UNIX, HP-UX If your OS is DigitalUnix, please read README.DigitalUnix. For questions, there is a mailing list available: To subscribe send mail to: EnderUNIX SDT @ Istanbul/Turkey bug-report at enderunix dot org - Tue May 08 21:08:08 EEST 2008