Author: Peter Bowyer
Date:
To: exim users
Subject: Re: [exim] spammers IP ban

On 25/02/06, Mathieu Roy <yeupou@???> wrote:
> On Friday 24 February 2006 20:18, Eric Fox wrote:
> > I do something similar to this. When I've rejected a message as known
> > spam, a log entry is posted in maillog. I then use logsurfer to monitor
> > maillog for these entries. Logsurfer parses out the IP and passes it on
> > to a script that temporarily adds a blocking rule to the firewall, and
> > comes back a while later to remove the rule.
> >
> > This could probably also be done from a router & transport combination as
> > well. I used logsurfer because I was already using it for other purposes.
>
> Hello,
>
> I found the idea of relying on a log checker interesting and I followed it to
> write "See you later".
>
> Basically, it studies logs and expects to find the string ++BAN:IP++. If it
> finds this, it stores it in a MySQL database. And then, another script
> updates /etc/hosts.deny according to the database.

I do something almost identical, except the final step is to list the
offending IP in a local DNSBL which runs under rbldnsd. Reloading
rbldnsd is low-cost (compared with updating iptables), so it can
happen once per minute if changes are detected.
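
The pipeline described in this thread (scan the log for the ++BAN:IP++ marker, keep a temporary list, publish it as an rbldnsd ip4set zone, rewrite only when something changed), sketched as an added example that is not code from any of the posters. The function names, the never-list networks, the one-hour lifetime and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import os
import re

# Marker format quoted in the thread: ++BAN:IP++
BAN_RE = re.compile(r"\+\+BAN:([0-9A-Fa-f:.]+)\+\+")

# Assumption: networks that must never be listed (loopback, own relays), so a
# marker smuggled into a logged, sender-controlled field cannot block them.
NEVER_LIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed sample lines, not real Exim output.
SAMPLE_LOG = [
    "2006-02-25 10:00:01 rejected known spam ++BAN:192.0.2.10++",
    "2006-02-25 10:00:02 delivery completed",
    "2006-02-25 10:00:03 rejected known spam ++BAN:198.51.100.7++",
    "2006-02-25 10:00:04 rejected known spam ++BAN:127.0.0.1++",
    "2006-02-25 10:00:05 rejected known spam ++BAN:999.1.1.1++",
]

def extract_bans(log_lines, now, ttl=3600, bans=None):
    """Return {ip: expiry_epoch}: expired entries dropped, new markers added."""
    bans = {ip: exp for ip, exp in (bans or {}).items() if exp > now}
    for line in log_lines:
        for raw in BAN_RE.findall(line):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # not a valid address: ignore the marker
            if ip.version != 4 or any(ip in net for net in NEVER_LIST):
                continue  # ip4set holds IPv4 only; never-list wins
            bans[str(ip)] = now + ttl
    return bans

def render_ip4set(bans, reason="Listed by local log scanner"):
    """Render an rbldnsd ip4set zone: default A/TXT line, then one IP per line."""
    lines = [f":127.0.0.2:{reason}"] + sorted(bans, key=ipaddress.ip_address)
    return "\n".join(lines) + "\n"

def write_if_changed(path, text):
    """Atomically replace the zone file only when its content differs."""
    try:
        with open(path) as fh:
            if fh.read() == text:
                return False
    except FileNotFoundError:
        pass
    with open(path + ".tmp", "w") as fh:
        fh.write(text)
    os.replace(path + ".tmp", path)
    return True
```
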