lobster is being reimagined. (2017-02-14)

lobster is the Logfile Based policy Service for posTfix and Effects Remediator (yes, it's a stretch), a Postfix/MySQL policy tool written in PHP that provides a framework for managing abuse and the fallout caused by abuse.  lobster was created after being unable to find a suitable solution for Postfix to mitigate damage to SMTP service caused by abused/compromised user accounts and the fallout that results from such abused/compromised accounts.

lobster was written in something of a hurry, as the result of a user's account credentials being compromised to inject around 650,000 spam mails into Postfix's queue.   The time spent flushing the queue, and dealing with blacklisting and damage to the reputation of the mail server led to the creation of lobster.



You can ask for help with lobster on the mailing list.


lobster has been implemented as a plugin-oriented log scanner framework.  This means without plugins, lobster does nothing.  When there are plugins present, lobster daemonizes if configured to do so, loads the plugins, continually reads the log files they request, and passes to the plugins the data that's been read.  The plugins then parse the data and do something with it.  lobster manages reading config files, parsing command lines, signal handling, and daemonizing.  Plugins only have to do something with the log data, everything else is provided by lobster.

License, Documentation:

View the current: README  manpage License (GPL)

Version history:

Requirements, Download(s):

Requires Postfix 2.8 or newer with MySQL support, PHP CLI with MySQL support 5.3 or newer (command line interface) with PCRE, PCNTL, POSIX, and MySQL 5.x or newer.  Can make use of iptables to firewall IP addresses of abuse sources.

Mailing List

Mailing list | Archives