Here is the simplex script that I use to filter attacking sites. I should be easy to add your extra bits (email etc).

Cheers, Stephen

#! /bin/sh d=date +"%b %d" grep "$d" /var/log/mail/info.log|grep ruleset=check_rcp | gawk '{split($0,q,/[\[\]]/);print "/sbin/iptables -A INPUT -s " q[4] "/32 -j DROP"}' | sort -u > /tmp/fw$$ #reset iptable to base /etc/rc.d/rc.fw > /dev/null 2>&1 #add new filter(s) . /tmp/fw$$ rm -f /tmp/fw$$

--

Stephen Davies Consulting P/L Phone: 08-8177 1595 Adelaide, South Australia. Mobile:040 304 0583 Records & Collections Management.