Re: [exim] 5 Minute Penalty Box

Top Page
Delete this message
Reply to this message
Author: Chris McKeever
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] 5 Minute Penalty Box
I like this idea --

what happens is someone gets in the penalty box at minute 4 - are they
only in for a minute - or are you flushing based on being in for 5
minutes and they are time stamped as to when they got in there - your
explanaiton just sounded like every 5 minutes it was flushed

or do you run the log check - add the reciepients to the penalty box -
wait 5 minutes - clear the penalty box - and then start over?

how do you keep track of the last point you parsed the logs??


On Fri, 18 Feb 2005 16:56:54 -0800, Marc Perkel <marc@???> wrote:
> Trying a new trick to stop dictionary attacks where I'm looking at the
> logs and seeing someone hitting the server over and over and getting
> failed recipient responses.
>
> So - after one attempted message to a failed recipient I add the from
> address to a list and the next time I return a temporary error. The list
> is cleared every 5 minutes so if someone sent something innocently -
> they are only blocked for 5 minutes.
>
> But - someone probing for email addresses only get to do it once every 5
> minutes. All their other attempts are blocked.
>
> Anyhow - I'm still experimenting with the verious penalty box ideas and
> hoping to inspire others to get interested.
>
> Penalty box is different than greylisting in that everyone is innocent
> until proven guilty. They get one shot and if they sin - then they are
> penalized for a period of time. The main focus are offenders who keep at
> it and increase server load.
>
> --
> Marc Perkel - marc@???
>
> Spam Filter: http://www.junkemailfilter.com
>    My Blog: http://marc.perkel.com
> My Religion: http://www.churchofreality.org
> ~ "If it's real - we believe in it!" ~

>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>



--
----------------------------------
please respond to the list .. if you need to contact me direct
cgmckeever is the account
prupref.com is the domain

<A href="http://www.prupref.com">Simply Chicago Real Estate</A>