Abuse concept

From HS Syswiki
Revision as of 14 August 2015, 15:36 by Tch



Actual state:

Manual

- Server overload (php, courier)
- Spam sending (scripts, sendmail)
- Abuse (malware, complaints, copyright, etc.)

Automatic

- ClamAV (clamscan backupserver)
  - cronjob bkpserver, 0 6 * * * /usr/local/bin/malware-scan.sh > /dev/null 2>&1
    - generate rename script /backup*/malware_blocker.sh
  - cronjob prod, 30 18 * * 1,2,3,4,5 perl /usr/local/bin/antimalware.pl >/dev/null 2>&1
    - get malware_blocker.sh & execute
    - send mail to customer
- Fail2ban mail accounts
  - discarded_spam tag, x5 in 2 minutes, ban 24h
  - /etc/fail2ban/ban_spammer.sh
    - get authid, change pw, only local, check ftp/web users
    - generate mail for customer, /etc/fail2ban/emailsend.pl
    - mailscript_url, http://orderdesk.hoststar.ch/mailbox_spam-h3EJJDIVsjhe084SEhr73S.php
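
The Fail2ban threshold listed above (discarded_spam tag, 5 hits in 2 minutes, 24h ban), written out as an added Python example that is not one of the wiki's own scripts. The log line format, host name and account names are constructed assumptions; each ban is returned as a record so that blocks stay trackable, as the target state asks.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_HITS, WINDOW, BAN_TIME = 5, timedelta(minutes=2), timedelta(hours=24)
# Assumed line format (constructed): "<ISO time> <host> discarded_spam authid=<account>"
LINE_RE = re.compile(r"^(\S+) \S+ discarded_spam authid=(\S+)$")

# Constructed sample log: web12p1 bursts, web34p2 sends the same count spread out.
SAMPLE_LOG = """\
2015-08-14T10:00:00 mx1 discarded_spam authid=web12p1
2015-08-14T10:00:00 mx1 discarded_spam authid=web34p2
2015-08-14T10:00:20 mx1 discarded_spam authid=web12p1
2015-08-14T10:00:40 mx1 discarded_spam authid=web12p1
2015-08-14T10:01:00 mx1 discarded_spam authid=web12p1
2015-08-14T10:01:30 mx1 discarded_spam authid=web12p1
2015-08-14T10:01:45 mx1 discarded_spam authid=web12p1
2015-08-14T10:03:00 mx1 discarded_spam authid=web34p2
2015-08-14T10:06:00 mx1 discarded_spam authid=web34p2
2015-08-14T10:09:00 mx1 discarded_spam authid=web34p2
2015-08-14T10:12:00 mx1 discarded_spam authid=web34p2
"""

def find_bans(lines):
    """Return one audit record per ban so every block stays trackable."""
    hits = defaultdict(deque)   # authid -> hit times inside the window
    banned_until, bans = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # not a discarded_spam line
        ts, authid = datetime.fromisoformat(m.group(1)), m.group(2)
        if ts < banned_until.get(authid, datetime.min):
            continue            # ban still active, no duplicate record
        window = hits[authid]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()    # forget hits older than 2 minutes
        if len(window) >= MAX_HITS:
            banned_until[authid] = ts + BAN_TIME
            bans.append({"authid": authid, "reason": "discarded_spam",
                         "hits": len(window), "banned_at": ts.isoformat(),
                         "banned_until": banned_until[authid].isoformat()})
            window.clear()
    return bans

if __name__ == "__main__":
    for record in find_bans(SAMPLE_LOG.splitlines()):
        print(record)
```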

Target state:

everything must be trackable (f2b blocks, malware scan!)
integration in my area newsfeed()
redo whole concept, tbd