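#!/bin/bash
#
# listenblock: watch the external interface for sendmail rejections sent to a
# remote SMTP client and, once a client has collected more than LIMIT logged
# rejections, add its address to /etc/blacklist.smtp and load that file into
# the pf table "blacklist_smtp".
#
# Requires: ngrep, pfctl (root), and a BSD-style ifconfig whose "inet " line
# carries the address in the second space-separated field.
#
# Deliberately no `set -e`: this is a long-running watcher and one failed
# capture must not take the blocker down; every command whose failure matters
# is checked explicitly instead.
set -uo pipefail

readonly IFACE=sis1
readonly NGREP=/usr/local/sbin/ngrep
readonly LOG_FILE=/var/log/listenblock.log
readonly BLACKLIST=/etc/blacklist.smtp
readonly PF_TABLE=blacklist_smtp
# NOTE(review): a fixed name under world-writable /tmp can be pre-created by
# any local user, which would stall every blacklist update. It is kept because
# the original comments suggest other blacklist writers share this lock; a
# root-owned run directory would be the better home for it.
readonly LOCK_FILE=/tmp/.quickblock.lock
readonly LIMIT=3        # block once a client has more than this many log lines
readonly LOCK_WAIT=5    # seconds between lock retries
readonly IDLE_WAIT=1    # seconds to pause when a capture returns nothing
# Server replies that must not count against the client. Presumably a client
# that sends one of our rejection texts as a command makes sendmail answer
# "500 5.5.1 Command unrecognized: ..." (that is how the original comment reads).
# Matched anywhere in the capture: the capture always starts with ngrep's
# "T a.b.c.d:25 -> ..." header, so the original "^500" anchor could never match.
readonly FAKE_REJECT='500 5.5.1 Command unrecognized:'
# Payload patterns ngrep treats as a rejection of the remote client (unchanged).
readonly MATCH_RE='(^550.*Relaying denied|^553.*Domain of sender address.*does not exist|^503.*Polite people say HELO first|^501.*requires domain address|^553.*Domain name required for)'

have_lock=0   # 1 while this process holds LOCK_FILE (read by the EXIT trap)

die() { printf 'listenblock: %s\n' "$*" >&2; exit 1; }
warn() { printf 'listenblock: %s\n' "$*" >&2; }

#######################################
# Print the IPv4 address of IFACE, or nothing if ifconfig shows none.
# Outputs: the address on stdout
#######################################
external_ip() {
  ifconfig "$IFACE" | grep 'inet ' | cut -d ' ' -f 2
}

#######################################
# Capture one server reply matching MATCH_RE and print it as a single line.
# Non-printable bytes (including the newline between ngrep's header and the
# payload) are dropped and runs of spaces squeezed, as in the original
# pipeline; "|" and "~" are removed for the same reason the original did so.
# Arguments: $1 - our external address (source of the captured replies)
# Outputs:   the cleaned capture on stdout, empty if nothing was captured
#######################################
capture_one() {
  local ext_ip=$1
  "$NGREP" -n 1 -l -q -p -d "$IFACE" "$MATCH_RE" \
    "tcp src port 25 and src host $ext_ip" \
    | tr -cd '[:print:]' | tr -d '|~' | tr -s ' '
}

#######################################
# Extract the remote client's address from a capture: the destination side of
# ngrep's "T src:port -> dst:port" header. Only a dotted-quad IPv4 address is
# accepted, so network-supplied text never reaches grep, the blacklist file or
# pfctl unvalidated.
# Arguments: $1 - a capture as printed by capture_one
# Outputs:   the address on stdout
# Returns:   0 on success, 1 when no such header/address is present
#######################################
remote_ip() {
  local capture=$1
  local header_re='T [0-9][^ ]* -> ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):'
  [[ $capture =~ $header_re ]] || return 1
  printf '%s\n' "${BASH_REMATCH[1]}"
}

#######################################
# Append one capture to LOG_FILE. printf replaces the original
# `echo ... | xargs`, whose echo silently dropped records containing an
# unbalanced quote or backslash.
# Arguments: $1 - the capture
#######################################
log_capture() {
  printf '%s - %s\n' "$(date)" "$1" >> "$LOG_FILE"
}

#######################################
# Count the logged captures in which $1 is the remote address. The leading
# space and trailing ':' match the " dst:port" form of the header, so 1.2.3.4
# no longer also counts 1.2.3.45 or 11.2.3.4. A missing log counts as 0.
# Arguments: $1 - validated IPv4 address
# Outputs:   the count on stdout
#######################################
offence_count() {
  local n
  n=$(grep -c -F -- " $1:" "$LOG_FILE" 2>/dev/null) || n=0
  printf '%s\n' "${n:-0}"
}

#######################################
# Take the shared blacklist lock, waiting until it is free. Creation under
# noclobber is atomic (O_EXCL), unlike the test-then-touch sequence it
# replaces, so two writers can no longer both believe they hold the lock.
# Globals: LOCK_FILE (created), have_lock (written)
#######################################
acquire_lock() {
  until ( set -o noclobber; : > "$LOCK_FILE" ) 2>/dev/null; do
    sleep "$LOCK_WAIT"
  done
  have_lock=1
}

#######################################
# Drop the lock if this process holds it. Also runs from the EXIT trap so a
# lock is not left behind when the watcher dies while updating the table.
# Globals: LOCK_FILE (removed), have_lock (written)
#######################################
release_lock() {
  if (( have_lock )); then
    rm -f -- "$LOCK_FILE"
    have_lock=0
  fi
}

#######################################
# Record $1 in BLACKLIST (once, matched as a whole line) and load the file
# into PF_TABLE. A pfctl failure is reported instead of silently discarded.
# Arguments: $1 - validated IPv4 address
#######################################
blacklist_host() {
  local ip=$1
  acquire_lock
  if ! grep -q -x -F -- "$ip" "$BLACKLIST" 2>/dev/null; then
    printf '%s\n' "$ip" >> "$BLACKLIST"
  fi
  if ! pfctl -t "$PF_TABLE" -T replace -f "$BLACKLIST" >/dev/null 2>&1; then
    warn "pfctl could not reload table $PF_TABLE from $BLACKLIST"
  fi
  release_lock
}

#######################################
# Capture loop: log each genuine rejection, then block the client once its
# logged count exceeds LIMIT. As in the original, the block decision is taken
# on every capture, not only on those that were logged.
#######################################
main() {
  local ext_ip capture ip

  [[ -x $NGREP ]] || die "$NGREP is not executable"
  ext_ip=$(external_ip)
  # the original fed an empty address into the BPF filter, which made ngrep
  # fail on every iteration and the loop spin at full speed
  [[ -n $ext_ip ]] || die "no inet address found on $IFACE"

  while :; do
    capture=$(capture_one "$ext_ip")
    if [[ -z $capture ]]; then
      # nothing captured (or ngrep failed): do not busy-loop
      sleep "$IDLE_WAIT"
      continue
    fi

    if ! grep -q -i -F -- "$FAKE_REJECT" <<<"$capture"; then
      log_capture "$capture"
    fi

    if ! ip=$(remote_ip "$capture"); then
      warn "no remote IPv4 address in capture: $capture"
      continue
    fi

    if (( $(offence_count "$ip") > LIMIT )); then
      blacklist_host "$ip"
    fi
  done
}

trap release_lock EXIT
trap 'exit 1' INT TERM HUP   # so the EXIT trap still releases the lock
main "$@"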