Re: [exim] sudo - iptables trick

Top Page
This message is part of the following thread:
M-+-+\the complete thread tree sorted by date
M\M\MMStephen Gran at <-
MMMMTim Jackson at ->
Delete this message
Reply to this message
Author: Tom Kistner
Date:  
To: Marc Perkel
CC: exim-users
Subject: Re: [exim] sudo - iptables trick
Marc Perkel wrote:

> Basicly my idea is that when a dictionary tack occurs I want to block
> the IP address for a short period of time as a load reduction trick with
> the chain being cleared every few minutes.

I've been doing this for a few months with very good results. Not to
reduce the load, but unclutter the logs :)

Everyone submitting spam or being matched against an RBL is put on the
blacklist for five minutes. This does wonders for the log size and
readability.

I do this via a script I called "timeban". It's universal so it can be
used for other blocking purposes as well. Handles management of a
blocking chain. Can also manage counters per-IP so you can block IPs
after multiple infractions ... useful for SSH dictionary "attacks" too.

Maybe I'll write some short docs next week and put it in the wiki.

/tom




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Re: spam_score_int signed or unsigned?Re: [exim] Re: spam_score_int signed or unsigned?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)