Re: [Exim] Blocking incessant relay testers with Exim 4

Top Page
Delete this message
Reply to this message
Author: James P. Roberts
Date:  
To: exim-users
New-Topics: [Exim] :fail: message?
Subject: Re: [Exim] Blocking incessant relay testers with Exim 4
>Here's something I run on my linux server to block IP addresses.
>

<snip>

I really like the basic idea. Now, is there some way we can
automatically add an IP address to the list to block, but only for a
finite time? Specifically, I would like to block an IP address for a
specified period of time, (say, 5 minutes), if they happen to send me an
html request for, oh, say, "cmd.exe" (reference Code Red virus). I know
that, with a Linux server, the Code Red virus "only" fills up my log
files, but it is also running about 30% of my internet connection
kilobytes! Just to tell the offending site, multiple times, that "file
not found."

I know this is kind of off-topic, and I apologize, but the Exim
community is a very bright bunch, and I think there is a potential for
cross-fertilization of methods... I ask for your opinions.

If we can come up with a clean solution for html requests, I suspect we
can launch the same script (or whatever) from within Exim to block
repeated junk from IP addresses that meet certain criteria, without
having to block said IP forever, since the IP may be re-assigned to a
different user soon anyway (reference DHCP).

Any suggestions of comments?

Jim Roberts
Punster Productions, Inc.