> >how do you keep track of the last point you parsed the logs??
> >
> >
> >
> The whole thing is based on simplicity. Yes - if they hit me 4 minutes
> in then they are only in for one minute. But - if they are hammering me
> then once they do it in the next window they are locked out for 5 more
> minutes. The idea is if they are hitting me 100 times a minute like some
> of them do - I only have to actually look at one out of 500 attempts.
> Which is a serious drop in system load.
>
> Yes - it could be done with mysql and be elegant - but that would create
> the kind of overhead I'm trying to avoid. I'm just tring to stop the
> hammering.
Not trying to pee on your bonfire :), but have you thought of just
blocklisting a sender|client who has hit a certain reject amount within a
specified period, and putting a contact address in the rbl reply? Then
whitelist the rbl contact address for everyone except certain permanently
blocked, (and staying that way), clients|senders|helo's. That way, they
get an address, (and message to that effect), that they *CAN* contact if
the block is a mistake.
It would appear you are trying to make too much work for yourself with
this one:)