initial commit

Makefile

@@ -0,0 +1,5 @@
+install: pf_bruteforce.sh
+    install -o root -g bin pf_bruteforce.sh /usr/local/bin/pf_bruteforce
+
+uninstall:
+    rm -f /usr/local/bin/pf_bruteforce

README.md

@@ -0,0 +1,28 @@
+# Anarchy Planet mail scripts
+
+Mail scripts for Anarchy Planet.
+
+## pf_bruteforce
+
+Edit `pf_bruteforce.sh` to set a limit of failed auth attempts (default 50).
+
+Install:
+
+    # make install
+
+Add somewhere high up in /etc/pf.conf:
+
+    table <bruteforce> persist
+    block in quick on egress from <bruteforce>
+
+Check for pf errors:
+
+    # pfctl -nf /etc/pf.conf
+
+If okay, load the new ruleset:
+
+    # pfctl -f /etc/pf.conf
+
+Add to root's crontab:
+
+    */10 * * * * /usr/local/bin/pf_bruteforce

pf_bruteforce.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+limit=50
+maillog=/var/log/maillog
+rl_logd=/var/www/blackmail.sh/rainloop/data/_data_/_default_/logs/fail2ban/
+rl_logf=$rl_logd/auth-$(date '+%Y-%m-%d').txt
+
+_rainloop() {
+    if test -f $rl_logf; then
+        cat $rl_logf \
+            | sed 's/.*ip=\([0-9\.]*\).*/\1/'
+    fi
+}
+_dovecot() {
+    grep 'auth failed' $maillog \
+        | sed 's/.*rip=\([0-9\.]*\).*/\1/'
+}
+_smtpd() {
+    for envid in $(grep '535 Auth' $maillog | awk '{ print $6 }'); do
+        grep "$envid smtp connected" $maillog \
+            | sed 's/.*address=\([0-9\.]*\).*/\1/'
+    done
+}
+
+tmpf=$(mktemp)
+
+( _rainloop; _dovecot; _smtpd ) \
+    | sort | uniq -c \
+    | awk '$1 > '$limit' { print $2 }' > $tmpf
+
+for ip in $(cat $tmpf); do
+    if ! pfctl -t bruteforce -T test $ip 2>/dev/null; then
+        pfctl -t bruteforce -T add $ip
+    fi
+done
+rm $tmpf