Author: Tom Kistner
Date:
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] sudo - iptables trick
Marc Perkel wrote:
> Basically my idea is that when a dictionary attack occurs I want to block
> the IP address for a short period of time as a load reduction trick with
> the chain being cleared every few minutes.
I've been doing this for a few months with very good results. Not to
reduce the load, but unclutter the logs :)
Everyone submitting spam or being matched against an RBL is put on the
blacklist for five minutes. This does wonders for the log size and
I do this via a script I called "timeban". It's universal so it can be
used for other blocking purposes as well. Handles management of a
blocking chain. Can also manage counters per-IP so you can block IPs
after multiple infractions ... useful for SSH dictionary "attacks" too.
Maybe I'll write some short docs next week and put it in the wiki.
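
The scheme described in this message (per-IP infraction counters feeding a timed ban in a dedicated chain), sketched as an added example; it is not Tom Kistner's "timeban" script, which the post does not show. The chain name TIMEBAN, the threshold of 3 and the 10-minute counting window are assumptions; the code only builds iptables argument lists and does not run them.

```python
import ipaddress

class TimeBan:
    """Per-IP infraction counters plus a timed ban list for one iptables chain."""

    def __init__(self, chain="TIMEBAN", threshold=3, window=600, ban_seconds=300):
        self.chain = chain              # hypothetical chain name
        self.threshold = threshold      # infractions needed before a ban (assumed)
        self.window = window            # seconds an infraction stays counted (assumed)
        self.ban_seconds = ban_seconds  # five minutes, as in the post
        self.hits = {}                  # ip -> timestamps of recent infractions
        self.banned = {}                # ip -> time at which the ban expires

    def _rule(self, action, ip):
        # An argv list, never a shell string, so log-derived text cannot inject commands.
        return ["iptables", action, self.chain, "-s", ip, "-j", "DROP"]

    def infraction(self, raw_ip, now):
        """Record one infraction; return the commands to run (possibly none)."""
        ip = str(ipaddress.IPv4Address(raw_ip))  # raises ValueError on non-addresses
        if ip in self.banned:
            return []                            # already blocked, no duplicate rule
        recent = [t for t in self.hits.get(ip, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.threshold:
            self.hits.pop(ip, None)
            self.banned[ip] = now + self.ban_seconds
            return [self._rule("-A", ip)]
        self.hits[ip] = recent
        return []

    def expire(self, now):
        """Return delete commands for every ban whose time is up."""
        expired = sorted(ip for ip, until in self.banned.items() if until <= now)
        for ip in expired:
            del self.banned[ip]
        return [self._rule("-D", ip) for ip in expired]

# Constructed sample: (timestamp, source IP) pairs as a log watcher might yield them.
SAMPLE = [(0, "192.0.2.7"), (20, "192.0.2.7"), (25, "198.51.100.9"), (40, "192.0.2.7")]

def replay(events, end):
    """Feed events through a fresh TimeBan and collect every command it emits."""
    tb = TimeBan()
    cmds = []
    for ts, ip in events:
        cmds += tb.expire(ts) + tb.infraction(ip, ts)
    return cmds + tb.expire(end)
```

Removing single rules on expiry keeps each ban at its own five minutes; flushing the whole chain on a timer, as in the quoted idea, is simpler but cuts recent bans short.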