[Mimedefang] Graphing $helo spoof attempts
Philip Clever
philip at turquoise.net
Fri Oct 3 16:49:03 EDT 2003
Has anyone set up graph defang to graph HELO spoofs? I tried but am not
getting any data returned. Here's what I've attempted:
    elsif ($helo =~ /mydomain\.net$/i) {
        # HELO claims our domain: accept only from localhost or our own /24s
        if ($hostip ne '127.0.0.1' and
            $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xx\.xx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xxx\.xxx\.\d{1,3}$/ and
            $hostip !~ /^xx\.xxx\.xxx\.\d{1,3}$/) {
            # Log the event for graphing: value1 = HELO string, value2 = relay IP
            md_log ('helo', $helo, $hostip);
            return ('REJECT', "Connect rejected! - $hostip is not mydomain.net");
        }
    }
And I have this in the graphdefang-config file:
<snip>
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
    'data_types'     => ['helo'],
    'graph_type'     => 'stacked_bar',
    'grouping'       => 'value1',
    'value1_title'   => 'Spoofed HELO',
    'top_n'          => '9',
    'grouping_times' => ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
#-------------------------------------------------------------
%GraphSettings = ();
%GraphSettings = (
    'data_types'     => ['helo'],
    'graph_type'     => 'stacked_bar',
    'grouping'       => 'value2',
    'value2_title'   => 'Spoofed HELO Real IP',
    'top_n'          => '9',
    'grouping_times' => ['hourly','daily','monthly'],
);
push @GRAPHS, { %GraphSettings };
</snip>
Am I missing something?
-Philip
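
The HELO check from the post above, as an added stand-alone example that is not part of the original message or of MIMEDefang: the allowed networks sit in one CIDR table instead of a chain of regexes, and the domain match is anchored on a label boundary. The function names, the documentation-range networks and the sample connections are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: constructed documentation ranges stand in for the real networks.
my @OUR_NETS = ('127.0.0.1/32', '192.0.2.0/24', '198.51.100.0/25');
# Anchored on a label boundary so "notmydomain.net" does not count as ours.
my $OUR_DOMAIN = qr/(?:^|\.)mydomain\.net\.?$/i;

# Dotted quad -> 32-bit integer; undef when the string is not valid IPv4.
sub ip_to_int {
    my ($ip) = @_;
    my @o = ($ip // '') =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return undef;
    return undef if grep { $_ > 255 } @o;
    return (($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3]);
}

# True when $ip falls inside the network given as "a.b.c.d/bits".
sub in_net {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my ($i, $n) = (ip_to_int($ip), ip_to_int($net));
    return 0 unless defined $i && defined $n;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    my $hit = (($i & $mask) == ($n & $mask));
    return $hit ? 1 : 0;
}

# True when the client claims our domain in HELO but connects from outside
# our networks. An address that does not parse as IPv4 counts as outside.
sub helo_is_spoofed {
    my ($helo, $hostip) = @_;
    return 0 unless defined $helo && $helo =~ $OUR_DOMAIN;
    my $inside = grep { in_net($hostip, $_) } @OUR_NETS;
    return $inside ? 0 : 1;
}

# Constructed sample connections: [HELO string, relay IP].
for my $c (['mail.mydomain.net', '192.0.2.17'],
           ['mydomain.net',      '203.0.113.9'],
           ['notmydomain.net',   '203.0.113.9'],
           ['MYDOMAIN.NET',      '198.51.100.200']) {
    printf "%-18s %-15s %s\n", @$c, helo_is_spoofed(@$c) ? 'REJECT' : 'ok';
}
```

In a filter, the branch where `helo_is_spoofed` returns true is where the post's `md_log ('helo', $helo, $hostip)` call and `REJECT` return would go.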