Re: [exim] 5 Minute Penalty Box

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MMarc Perkel at <-
MJim Roberts at ->
Delete this message
Reply to this message
Author: Matt Fretwell
Date:  
To: exim
Subject: Re: [exim] 5 Minute Penalty Box
Marc Perkel wrote:


> >how do you keep track of the last point you parsed the logs??
> >
> >
> >
> The whole thing is based on simplicity. Yes - if they hit me 4 minutes
> in then they are only in for one minute. But - if they are hammering me
> then once they do it in the next window they are locked out for 5 more
> minutes. The idea is if they are hitting me 100 times a minute like some
> of them do - I only have to actually look at one out of 500 attempts.
> Which is a serious drop in system load.
>
> Yes - it could be done with mysql and be elegant - but that would create
> the kind of overhead I'm trying to avoid. I'm just tring to stop the
> hammering.


Not trying to pee on your bonfire :), but have you thought of just
blocklisting a sender|client who has hit a certain reject amount within a
specified period, and putting a contact address in the rbl reply? Then
whitelist the rbl contact address for everyone except certain permanently
blocked, (and staying that way), clients|senders|helo's. That way, they
get an address, (and message to that effect), that they *CAN* contact if
the block is a mistake.

It would appear you are trying to make too much work for yourself with
this one:)


Matt


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Debian as a 'Special Case' for EximRe: [exim] Debian as a 'Special Case' for Exim->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)