lobster is being reimagined. (2017-02-14)
lobster is the Logfile Based policy Service for posTfix and Effects Remediator (yes, it's a stretch), a Postfix/MySQL policy tool written in PHP that provides a framework for managing abuse and the fallout caused by abuse. lobster was created after being unable to find a suitable solution for Postfix to mitigate damage to SMTP service caused by abused/compromised user accounts and the fallout that results from such abused/compromised accounts.
lobster was written in something of a hurry, as the result of a
user's account credentials being compromised to inject around 650,000 spam
mails into Postfix's queue. The time spent flushing the queue,
and dealing with blacklisting and damage to the reputation of the mail
server led to the creation of lobster.
You can ask for
help with lobster on the mailing list.
lobster has been implemented as a plugin-oriented log scanner
framework. This means without plugins, lobster does
nothing. When there are plugins present, lobster daemonizes if
configured to do so, loads the plugins, continually reads the log files
they request, and passes to the plugins the data that's been read.
The plugins then parse the data and do something with it. lobster
manages reading config files, parsing command lines, signal handling, and
daemonizing. Plugins only have to do something with the log data,
everything else is provided by lobster.
View the current: README • manpage
• License (GPL)
Requires Postfix 2.8 or newer with MySQL support, PHP CLI with MySQL
support 5.3 or newer (command line interface) with PCRE, PCNTL, POSIX, and
MySQL 5.x or newer. Can make use of iptables to firewall IP
addresses of abuse sources.