I do something similar to this. When I've rejected a message as known
spam, a log entry is posted in maillog. I then use logsurfer to monitor
maillog for these entries. Logsurfer parses out the IP and passes it on
to a script that temporarily adds a blocking rule to the firewall, and
comes back a while later to remove the rule.
This could probably also be done from a router & transport combination as
well. I used logsurfer because I was already using it for other purposes.
---
/\---/\ Eric J Fox
/ o o \ Small Business Computer Support
\.\ /./ in the Phoenix Metropolitan Area
\@/ http://www.bsdsystems.com/support/
On Fri, 24 Feb 2006, Mathieu Roy wrote:
> Hello,
>
> I'm one of the admins of Gna! (http://gna.org), a software development platform
> sponsored by the FSF France.
>
> We have an antispam policy composed of DNSBL checks at SMTP time and
> spamassassin checks afterwards (tagging mails sent to users, redirecting
> spams to a dedicated "spam list" mails sent to mailing-lists, deleting such
> mails getting a score higher than 13).
>
> I'd like to do IP bans for boxes that send us spam. For instance, to do
> such a ban if we are in a case of "deny" at SMTP time due to DNSBL or in a case
> of a mail that got a spamassassin score higher than 13.
>
> This would be a short ban, for say one hour, just to make ineffective the
> spammer/virus that would have to find another @domain to spam at least for
> the next hour, without costing too much in case a legitimate user was affected
> by this ban.
>
> Exim is used through xinetd, so xinetd could do the filtering by itself,
> provided we give it the appropriate IPs (drawback: it requires restarting
> xinetd each time we would like to update the list to get no_access taken into
> account; unless we somehow find a way to use the sensors mechanism for this
> purpose).
>
> I've searched a bit on the internet, indeed in the Exim FAQ, but found nothing
> helpful to me. Did I miss something?
>
> If not, any suggestions?
>
> Regards,
>
>
> --
> Mathieu Roy
>
> +---------------------------------------------------------------------+
> | General Homepage: http://yeupou.coleumes.org/ |
> | Computing Homepage: http://alberich.coleumes.org/ |
> | Not a native english speaker: |
> | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english |
> +---------------------------------------------------------------------+
>
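
The approach described in the reply above (watch the mail log for rejections, pull out the sending IP, block it for a while, then lift the block) as an added example; it is not code from either poster. The log lines are constructed in the style of an Exim main log, and the one-hour TTL, the loopback allowlist and the name `plan_bans` are assumptions. It returns ban/unban decisions instead of calling a firewall, since the thread does not name one.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style of an Exim main log (not from the thread).
SAMPLE_LOG = """\
2006-02-24 10:00:01 H=(mail.example) [192.0.2.10] F=<a@example.net> rejected RCPT <u@example.org>: listed in DNSBL
2006-02-24 10:05:00 H=([203.0.113.9]) [198.51.100.7] F=<b@example.net> rejected RCPT <u@example.org>: listed in DNSBL
2006-02-24 10:20:00 H=relay.example [127.0.0.1] F=<c@example.net> rejected RCPT <u@example.org>: listed in DNSBL
2006-02-24 10:25:00 1FCabc-0001Xy-00 <= d@example.net H=ok.example [192.0.2.77] P=esmtp S=1234
2006-02-24 10:30:00 H=(mail.example) [192.0.2.10] F=<a@example.net> rejected RCPT <u@example.org>: listed in DNSBL
2006-02-24 11:20:00 H=(x.example) [192.0.2.55] F=<e@example.net> rejected RCPT <u@example.org>: listed in DNSBL
"""

BAN_TTL = timedelta(hours=1)                        # "one hour" from the question
NEVER_BAN = [ipaddress.ip_network("127.0.0.0/8")]   # assumed allowlist

# The HELO name after H= is chosen by the sender, so capture only the
# bracketed peer address that follows it, and only on rejection lines.
REJECT = re.compile(r"^(\S+ \S+) H=\S+ (?:\(\S*\) )?\[([0-9A-Fa-f.:]+)\] .*\brejected\b")

def plan_bans(log_text, ttl=BAN_TTL):
    """Return (actions, active): ordered ban/unban events and bans still in force."""
    expires, actions = {}, []
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue
        now = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        # Lift bans that ran out before this entry (a timer would do this live).
        for ip in [i for i, t in expires.items() if t <= now]:
            actions.append(("unban", ip, expires.pop(ip)))
        try:
            addr = ipaddress.ip_address(m.group(2))  # validate before it reaches a rule
        except ValueError:
            continue
        if any(addr in net for net in NEVER_BAN):
            continue
        ip = str(addr)
        if ip not in expires:
            actions.append(("ban", ip, now))         # hand off to the firewall here
        expires[ip] = now + ttl                      # a repeat offence extends the ban
    return actions, expires
```

The second sample line carries a bracketed address inside the HELO string; the pattern ignores it and bans only the connecting peer, which is the behaviour to check for in any log-driven blocker.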