Re: [exim] spammers IP ban

Author: Mathieu Roy
Date:  
To: exim-users
Subject: Re: [exim] spammers IP ban
On Friday 24 February 2006 20:18, Eric Fox wrote:
> I do something similar to this. When I've rejected a message as known
> spam, a log entry is posted in maillog. I then use logsurfer to monitor
> maillog for these entries. Logsurfer parses out the IP and passes it on
> to a script that temporarily adds a blocking rule to the firewall, and
> comes back a while later to remove the rule.
>
> This could probably also be done from a router & transport combination as
> well. I used logsurfer because I was already using it for other purposes.


Hello,

I found the idea of relying on a log checker interesting and I followed it to
write "See you later".

Basically, it studies logs and expects to find the string ++BAN:IP++. If it
finds this, it stores it in a MySQL database. And then, another script
updates /etc/hosts.deny according to the database.

I did not spend time to work on integrating this more into Exim because
actually I prefer to have a rather simple Exim setup, not embedding too many
things. And I was not prepared to spend time to write a client/server model
like spamc/spamd to make something that truly scales - and starting a new Perl
process each time a spam is caught is a no go.

The drawback is the delay between the time the spam is caught and the actual
ban.

But so far it seems to work properly.

https://gna.org/projects/seeyoulater/

Regards,

--
Mathieu Roy

+
  | Thalie  : <http://yeupou.coleumes.org/> 
  | Clio    : <http://clio.coleumes.org/>       
  | Euterpe : <http://crap.is.free.fr/>
  |           <http://kromaniaks.coleumes.org/>

+-----------------------------------------------------------+
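
The log-scan-then-hosts.deny flow described in this message, as an added example that is not part of the original post and is not code from See you later. Assumptions: the literal "IP" in ++BAN:IP++ is replaced by the address, log lines start with a "YYYY-MM-DD HH:MM:SS" timestamp, an in-memory dict stands in for the MySQL database, and the `NEVER_BAN` list and 24-hour expiry are hypothetical choices.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed marker form: the literal "IP" in ++BAN:IP++ is replaced by the address.
MARKER = re.compile(r"\+\+BAN:([0-9A-Fa-f:.]{3,45})\+\+")
STAMP = "%Y-%m-%d %H:%M:%S"  # assumed timestamp prefix of each log line
# Hypothetical exemption list: networks that must never end up in hosts.deny.
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

def collect_bans(lines):
    """Return {IPv4Address: datetime of the most recent ban marker}."""
    seen = {}
    for line in lines:
        m = MARKER.search(line)
        if not m:
            continue
        try:
            when = datetime.strptime(line[:19], STAMP)
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed timestamp or address: never written out
        # This example handles IPv4 only and skips exempt networks.
        if ip.version != 4 or any(ip in net for net in NEVER_BAN):
            continue
        if ip not in seen or when > seen[ip]:
            seen[ip] = when
    return seen

def render_hosts_deny(seen, now, ttl=timedelta(hours=24)):
    """Return hosts.deny lines for bans younger than ttl, sorted by address."""
    active = sorted(ip for ip, when in seen.items() if now - when < ttl)
    return [f"ALL: {ip}" for ip in active]

# Constructed sample log lines (documentation address ranges), not real logs.
SAMPLE_LOG = [
    "2006-02-24 20:18:01 H=(x) [192.0.2.10] rejected after DATA: spam ++BAN:192.0.2.10++",
    "2006-02-24 20:19:30 H=(y) [198.51.100.7] rejected after DATA: spam ++BAN:198.51.100.7++",
    "2006-02-23 08:00:00 H=(z) [203.0.113.5] rejected after DATA: spam ++BAN:203.0.113.5++",
    "2006-02-24 20:20:00 H=(w) [10.1.2.3] rejected after DATA: spam ++BAN:10.1.2.3++",
    "2006-02-24 20:21:00 H=(v) [192.0.2.99] rejected after DATA: spam ++BAN:999.1.1.1++",
    "2006-02-24 20:22:00 1FCxyz-0001Ab-Cd <= user@example.org H=(ok) [192.0.2.50]",
]

if __name__ == "__main__":
    now = datetime(2006, 2, 24, 21, 0, 0)
    print("\n".join(render_hosts_deny(collect_bans(SAMPLE_LOG), now)))
```

Re-rendering the whole list from stored timestamps on each run is what makes bans expire without a separate removal step.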