Re: [exim] spammers IP ban

Author: Eric Fox
Date:  
To: Mathieu Roy
CC: exim-users
Subject: Re: [exim] spammers IP ban
I do something similar to this. When I've rejected a message as known
spam, a log entry is posted in maillog. I then use logsurfer to monitor
maillog for these entries. Logsurfer parses out the IP and passes it on
to a script that temporarily adds a blocking rule to the firewall, and
comes back a while later to remove the rule.

This could probably also be done from a router & transport combination as
well. I used logsurfer because I was already using it for other purposes.

---
  /\---/\  Eric J Fox
 /  o o  \ Small Business Computer Support
 \.\   /./ in the Phoenix Metropolitan Area
    \@/    http://www.bsdsystems.com/support/




On Fri, 24 Feb 2006, Mathieu Roy wrote:

> Hello,
>
> I'm one of the admins of Gna! (http://gna.org), a software development platform
> sponsored by the FSF France.
>
> We have an antispam policy composed of DNSBL checks at SMTP time and
> spamassassin checks afterwards (tagging mails sent to users, redirecting
> spams to a dedicated "spam list" mails sent to mailing-lists, deleting such
> mails getting a score higher than 13).
>
> I'd like to do IP bans for boxes that send us spam. For instance, to do
> such a ban if we are in a case of "deny" at SMTP time due to DNSBL or in a case
> of a mail that got a spamassassin score higher than 13.
>
> This would be a short ban, for say one hour, just to make ineffective the
> spammer/virus that would have to find another @domain to spam at least for
> the next hour, without costing too much in case a legitimate user was affected
> by this ban.
>
> Exim is used through xinetd, so xinetd could do the filtering by itself,
> provided we give it the appropriate IPs (drawback: it requires restarting
> xinetd each time we would like to update the list to get no_access taken into
> account; unless we somehow find a way to use the sensors mechanism for this
> purpose).
>
> I've searched a bit on the internet, indeed in the Exim FAQ, but found nothing
> helpful to me. Did I miss something?
>
> If not, any suggestions?
>
> Regards,
>
>
> --
> Mathieu Roy
>
>   +---------------------------------------------------------------------+
>   | General Homepage:           http://yeupou.coleumes.org/             |
>   | Computing Homepage:         http://alberich.coleumes.org/           |
>   | Not a native english speaker:                                       |
>   |     http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english  |
>   +---------------------------------------------------------------------+

>
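
The log-driven temporary ban described in the reply above, as an added example that is not part of the original messages and is not Eric Fox's script. The log line layout, the `NEVER_BAN` networks and all names are assumptions. The thread names no firewall, so the caller applies the block and unblock actions itself.

```python
import ipaddress
import re

BAN_SECONDS = 3600  # the one-hour ban proposed in the quoted message
# Assumption: addresses that must never be banned (loopback, own relays).
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.0/24")]
# Assumption: rejections are logged as "H=<helo> [ip] ... rejected ...". The address
# must follow a space, so a client-chosen HELO literal "([192.0.2.99])" is skipped.
REJECT_RE = re.compile(r" H=.*? \[([0-9A-Fa-f:.]+)\](?::\d+)? .*\brejected\b")
# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = [
    "2006-02-24 10:15:02 H=(mail.example) [192.0.2.10] F=<a@example.net> rejected RCPT <b@example.org>: listed in DNSBL",
    "2006-02-24 10:15:09 H=([192.0.2.99]) [203.0.113.5] F=<c@example.net> rejected RCPT <b@example.org>: listed in DNSBL",
    "2006-02-24 10:16:00 1FCabc-0001Xy-00 <= user@example.org H=(ok.example) [192.0.2.20] P=esmtp S=1234",
    "2006-02-24 10:17:30 H=(relay.example) [198.51.100.7] F=<> rejected RCPT <b@example.org>: listed in DNSBL",
]

def rejected_ip(line):
    """Return the validated connecting IP of a rejection line, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # never pass unvalidated log text to a firewall command
    return None if any(ip in net for net in NEVER_BAN) else str(ip)

class BanList:
    """Tracks temporary bans; the caller applies the firewall changes."""
    def __init__(self, ttl=BAN_SECONDS):
        self.ttl = ttl
        self.expiry = {}  # ip -> time (seconds) at which the ban lapses

    def observe(self, line, now):
        """Return the IP to block if this line starts a new ban, else None."""
        ip = rejected_ip(line)
        if ip is None:
            return None
        is_new = ip not in self.expiry
        self.expiry[ip] = now + self.ttl  # a repeat rejection restarts the hour
        return ip if is_new else None

    def expire(self, now):
        """Return the IPs whose ban has lapsed and forget them."""
        done = [ip for ip, t in self.expiry.items() if t <= now]
        self.expiry = {ip: t for ip, t in self.expiry.items() if t > now}
        return done
```

Call `observe()` for each new log line and `expire()` on a timer; persisting `expiry` across restarts keeps stale firewall rules from being orphaned.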