
chowkidar.8

Manvendra Bhangui edited this page May 7, 2023 · 2 revisions

NAME

chowkidar - SPAM Guard for IndiMail

SYNOPSIS

badmailfrom usage

chowkidar [-V] [-f filename] [-b badmailfrom] [-B] -n count
chowkidar [-r] [-V] [-v] -q [-b badmailfrom]

badrcptto usage

chowkidar [-V] [-f filename] [-t badrcptto] [-T] -n count
chowkidar [-r] [-V] [-v] -q [-t badrcptto]

spamdb usage

chowkidar [-V] [-f filename] [-s spamdb] [-S] -n count
chowkidar [-r] [-V] [-v] -q [-s spamdb]

DESCRIPTION

chowkidar is a utility to help detect potential spammers by counting senders or recipients in qmail-send's deliver log file. The name comes from Hindi, in which it means 'guard'. It looks for either of the following two entries in qmail-send's log file.

@400000003d95f1d71571b154 info msg 181462: bytes 403 from <root@indimail.org> qp 8087 uid 0
@400000003d95f1d71571b155 starting delivery 145: msg 523306 to local manny@technology.indimail.org

chowkidar has two modes of operation:

build mode – The first form of usage shown in the synopsis above.

synchronize mode – The second form of usage shown in the synopsis above.

In build mode, chowkidar maintains a hash table and increments the count against each sender found in the log file. After reading the log file completely, it prints the spammer's email id and the count of mails received from the spammer on stderr. The default output file is the control file 'badmailfrom'. This can be changed either by the BADMAILFROM environment variable or by the '-b' option; the '-b' option overrides the environment variable. If the output file is qmail's badmailfrom control file, chowkidar appends the spammer's email id to the file. If the output file is anything other than 'badmailfrom', the count of emails against the spammer is also appended to the file. Entries already present in the control files 'badmailfrom' and 'spamignore' are ignored and not maintained in the hash table. The entries in 'spamignore' can have shell wildcards for pattern matching. If an entry starts with an '@' sign, all emails from the domain following the '@' sign are ignored and not treated as coming from spammers. The hash table has a fixed compile time size of 5000, which can be changed by defining the environment variable MAXADDR.

In synchronize mode, chowkidar synchronizes the contents of the badmailfrom file with a master copy maintained on hostcntrl. It updates the master copy with entries which are more recent in the badmailfrom file. It also updates the badmailfrom file with entries which are more recent in the master copy. The master copy is the table 'badmailfrom' if the filename is badmailfrom; and the table 'spam' if the filename is anything other than badmailfrom. The default badmailfrom file is "badmailfrom" which can be changed by setting the '-b' option. This mode allows multiple hosts to synchronize their copies of badmailfrom with a central master copy and also replicate changes across all participating hosts running chowkidar.

The same logic applies to the badrcptto control file, except that '-b' is replaced with '-t' and '-B' is replaced with '-T'. In this case, the count is done against the recipients. The default file 'badrcptto' can be changed by the '-t' option.
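The build-mode counting described above, for senders and for the badrcptto recipient variant, as an added Python sketch. It is not chowkidar's own code; the function names and sample addresses are hypothetical, and the MAXADDR table limit and the writing of control files are not modelled.

```python
import re
from collections import Counter
from fnmatch import fnmatchcase

# The two qmail-send entry forms shown on this page.
SENDER_RE = re.compile(r"info msg \d+: bytes \d+ from <([^>]*)> qp \d+ uid \d+")
RCPT_RE = re.compile(r"starting delivery \d+: msg \d+ to (?:local|remote) (\S+)")

def is_ignored(addr, known_bad, spamignore):
    """True if addr is already listed or matches a spamignore entry."""
    if addr in known_bad:
        return True
    for entry in spamignore:
        if entry.startswith("@"):
            if addr.endswith(entry):        # '@domain': whole domain is exempt
                return True
        elif fnmatchcase(addr, entry):      # shell wildcard entry
            return True
    return False

def find_offenders(lines, threshold, known_bad=(), spamignore=(), recipients=False):
    """Return {address: count} for addresses counted more than threshold times."""
    pattern = RCPT_RE if recipients else SENDER_RE
    known = set(known_bad)
    counts = Counter()
    for line in lines:
        m = pattern.search(line)
        if not m or not m.group(1):         # other entry, or empty sender <>
            continue
        if not is_ignored(m.group(1), known, spamignore):
            counts[m.group(1)] += 1
    return {a: c for a, c in counts.items() if c > threshold}

# Constructed sample log: one 'info msg' and one 'starting delivery' per message.
SENDERS = (["bulk@spam.example"] * 3 + ["news@lists.example"] * 3 +
           ["old@bad.example"] * 3 + ["noreply-7@shop.example"] * 3 +
           ["alice@corp.example", ""])
SAMPLE_LOG = []
for i, s in enumerate(SENDERS):
    ts = f"@400000003d95f1d7{i:08x}"
    SAMPLE_LOG.append(f"{ts} info msg {i}: bytes 403 from <{s}> qp 8087 uid 0")
    SAMPLE_LOG.append(f"{ts} starting delivery {i}: msg {i} to local manny@mail.example")

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG, 2, known_bad=["old@bad.example"],
                         spamignore=["@lists.example", "noreply-*@shop.example"]))
    print(find_offenders(SAMPLE_LOG, 10, recipients=True))
```

Only the bulk sender is reported in the first call: the other high-volume senders are either already listed or exempted by the constructed spamignore entries, which is why a careless '@domain' or wildcard entry can hide a real offender.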

The same logic applies to the spamdb control file, except that '-b' is replaced with '-s' and '-B' is replaced with '-S'. In this case, the count is done against the recipients. The default file 'spamdb' can be changed by setting the '-s' option.

Administrators can set up chowkidar in cron(1) to undertake automated anti-spam measures. Depending on the rate at which qmail-send's log file is generated, the frequency can be every 30 min for a light system, every 2 hours for a medium system and every 4-6 hours for a heavy system. For a heavy system, remember to set the MAXADDR environment variable appropriately before running chowkidar. For example, if the incoming rate is around 1 million mails/day and you are running chowkidar every 6 hrs, set MAXADDR to 250000 (mail_count_per_day * frequency / 24). The tool is especially useful if you are running multiple hosts and you want a spammer detected on any one of the hosts to be reflected on all hosts (synchronize mode of operation).

OPTIONS

-v
Sets verbose option

-V
Display Version Number

-f filename
The qmail SMTP/deliver log file. If not given, the file defaults to stdin.

-b output_file
File in badmailfrom format. If not given, the environment variable BADMAILFROM is used. If the environment variable is also not defined, the badmailfrom file defaults to the qmail control file 'badmailfrom'. Input should be the qmail-send log file.

-B
If the '-b' option is not used, this can be set to indicate badmailfrom format. Additionally, chowkidar will cd to qmail's control directory.

-t output_file
File in badrcptto format. If not given, the environment variable BADRCPTTO is used. If the environment variable is also not defined, the badrcptto file defaults to the qmail control file 'badrcptto'. Input should be the qmail-send log file.

-T
If the '-t' option is not used, this can be set to indicate badrcptto format, i.e. recipients are to be blocked (spammers generally get a lot of bounces). A socially responsible ISP, for example, can use this option to prevent their own users from spamming. Additionally, chowkidar will cd to qmail's control directory.

-s output_file
Input should be the qmail-smtpd log file. The output file will be spamdb. Additionally, qmail-cdb will be run to create spamdb.cdb.

-S
If the '-s' option is not used, this can be set to indicate spamdb format. With this option, chowkidar does cd to qmail's control directory.

-n count
Mail count from senders - above which the sender should be treated as a spammer.

-r
Synchronize mode of operation. This mode synchronizes local badmailfrom/badrcptto/spamdb file with a master copy maintained on hostcntrl.

-q
Quiet mode. This mode will not display the list of spammers on stderr.

RETURN VALUE

Returns 0 for success, 1 for any failure.
