Re: [Exim] Blocking incessant relay testers with Exim 4

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc Perkel
Dátum:  
Címzett: exim-users
Tárgy: Re: [Exim] Blocking incessant relay testers with Exim 4
--
[ Picked text/plain from multipart/alternative ]
I had a tempory/dirty solution when I used NT.

When you set up you IP addresses under "Advanced" what you add
additional IP's other than your main one - add the IP you want to block
as if it were an IP on your computer. Since your computer thinks it owns
the offending IP it can't talk to it externally - and therefore it is
effectively blocked.

It's dirty - but it does work.

James P. Roberts wrote:

>>Here's something I run on my linux server to block IP addresses.
>>
>>
>>
><snip>
>
>I really like the basic idea. Now, is there some way we can
>automatically add an IP address to the list to block, but only for a
>finite time? Specifically, I would like to block an IP address for a
>specified period of time, (say, 5 minutes), if they happen to send me an
>html request for, oh, say, "cmd.exe" (reference Code Red virus). I know
>that, with a Linux server, the Code Red virus "only" fills up my log
>files, but it is also running about 30% of my internet connection
>kilobytes! Just to tell the offending site, multiple times, that "file
>not found."
>
>I know this is kind of off-topic, and I apologize, but the Exim
>community is a very bright bunch, and I think there is a potential for
>cross-fertilization of methods... I ask for your opinions.
>
>If we can come up with a clean solution for html requests, I suspect we
>can launch the same script (or whatever) from within Exim to block
>repeated junk from IP addresses that meet certain criteria, without
>having to block said IP forever, since the IP may be re-assigned to a
>different user soon anyway (reference DHCP).
>
>Any suggestions of comments?
>
>Jim Roberts
>Punster Productions, Inc.
>
>
>
>--
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
>
>


--