-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mail::Abuse - A suite of tools to parse and process abuse reports
Abuse desks charged with the task of responding to abuse complaints against its users face a time consuming and complex challenge. It's my belief that this is one of the contributing reasons for the general lack of response that can be observed in many network operations in these days.
I wrote this module bundle to help with the first steps of the abuse management process, namely the correlation and identification of the abuse sources within your own network. This is discussed in much more detail on my 3 part article "Implementing an Effective Abuse Management Process", published in SysAdmin magazine on June, July and August 2005. You should grab it if you have a chance, as this series also includes a tutorial on how to set up your Mail::Abuse platform.
This bundle includes various modules with different purposes, as seen below:
Mail::Abuse - Main class, where docs for the package are
kept
::Report - The "coordinator" class that encapsulates
the read - parse - filter - process cycle
automatically.
::Incident - Base class for all the parsers. A parser can
obtain individual incidents from a report by
analyzing its text.
::* - This package includes various incident
parsers. New additions will be inclued in
the Mail::Abuse manpage.
::Filter - Base class for incident filters. This allows
the software to discard incidents which are
not interesting to you.
::* - The incident filters that are included with
this package.
::Reader - Base class for all report readers. A reader
fetches a message and adds it to a Report
object so that the cycle can be executed.
::* - The different readers included with this
distribution. You'll be most interested in
Mail::Abuse::Reader::POP3, which can detch
reports from a POP3 mailbox.
::Processor - The base class for all the
processors. Processors can act on each
individual report or incident.
::* - The processors included in this bundle.
I would love to see the maintainers from log aggregation services to also write a corresponding ::Incident::myAggregator so that more people can start responding to their messages quickly.
Additionally to the modules, a number of scripts that should be useful to people managing abuse desks is included. See the included bin/ directory for more information, as each script includes its own documentation. These scripts are not intended to abuse or otherwise sabotage any site or facility. You should seek permission from the corresponding site owners if bulk usage of these scripts is expected. You'll understand this warning a bit better when you look at the scripts.
To install, follow the standard CPAN recipe of:
$ perl Makefile.PL
$ make
$ make test
If all tests pass, then do
$ make install
The test suite includes a lot of cases. Note that all tests require Test::More. The module's documentation can be accessed through POD. After installing the module, you can do
$ perldoc Mail::Abuse
to access the documentation. Of course, there are many other modules inside. Each one has its own documentation.
Bug reports are welcome. Please do not forget to tell me what version/platform are you running this code on. Providing a small piece of code that shows the bug helps me a lot in sorting it out and possibly in writting more tests for the distribution. And definitely include the abuse report that caused the problem.
Also, this code is intended to be strict and -w safe, so please report cases where warnings are generated so that I can fix them.
Report your bugs to me (luismunoz@cpan.org).
DO YOU WANT TO THANK ME?
If you consider this a valuable contribution, there is a web page where you can express your gratitude. Please see
http://mipagina.cantv.net/lem/thanks-en.html (English)
http://mipagina.cantv.net/lem/thanks-es.html (Spanish)
SECURITY CONSIDERATIONS
I have no control on the machanisms involved in the storage or transport of this distribution. This means that I cannot guarantee that the distribution you have in your hands is indeed, the same distribution I packed and uploaded.
Along the distribution file, you should have a file with the extension ".asc". This contains a GPG "detached signature" that makes it impossible for anybody to alter this distribution. If security is of any concern to you, by all means verify the signature of this file and contact the author if any discrepancy is detected.
You can find more information about this at the following URL
http://mipagina.cantv.net/lem/gpg/
This information includes the correct keys, fingerprints, etc.Note that this README file should also be signed.
LICENSE AND WARRANTY
This software is (c) Luis E. Muñoz. It can be used under the terms of the perl artistic license provided that proper credit for the work of the author is preserved in the form of this copyright notice and license for this module.
No warranty of any kind is expressed or implied. This code might make
your computer go up in a puff of black smoke.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQFELUbGQyDWGRI/hhARArTRAJ4mthg/GpLsVMuwvb/vEG2xMP5LNwCfa94s
jcEAsr19Q3A0VHbkoMnkVU4=
=RbOQ
-----END PGP SIGNATURE-----