Author: Wouter Verhelst
Date:
To: John Hall
CC: exim-users
Subject: Re: [exim] Running some code rather than having exim log stuff

On Wed, Mar 21, 2007 at 03:12:53PM +0000, John Hall wrote:
> On 21/03/07, Wouter Verhelst <w@???> wrote:
>
> > Sure enough, this is a spammer (the "gb30472" local part has never
> > existed at my domain; it's part of a mutt message-ID that is listed on
> > lists.debian.org). When this happens (a host disconnecting without
> > properly saying goodbye after giving an invalid local part), I'd like to
> > add them to a database so that I can use that as a data point in further
> > connection attempts; if they do a sufficient amount of "bad things",
> > I'll assume they're spammers and will block them.
>
> Wouter,
>
> I do something similar, but I have a separate process that tails the
> exim log file and maintains the database. Once a host has done a
> sufficient number of bad things it adds the IP to a list in a file
> which is referenced in the ACLs.

Yeah, I considered that too; but it's a bit more complex (requires me to
parse data in the mainlog file, chop it into useful bits, and throw that
into a database, rather than just incrementing an acl variable and
running some code when it reaches a certain value). Also, parsing a log
file makes it harder to drop a connection from my end if I consider them
to be "bad" during the connection (the unexpected disconnection would be
just one data point; there are more that I want to look for).

That's why I was hoping this'd be possible from the ACL itself. If it
isn't, I guess I'll have to bite the bullet.

--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
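
The log-tailing approach John Hall describes above, sketched as an added example that is not part of the original thread and not code from either poster: it scores hosts from exim mainlog lines and atomically rewrites a one-IP-per-line file that an ACL host list could reference. The log lines are constructed samples, and the rule weights, `THRESHOLD` and all function names are hypothetical.

```python
import os
import re
import tempfile
from collections import Counter

# Constructed sample lines modelled on exim mainlog entries. Assumption: default
# log format; the text after "rejected RCPT <...>:" depends on the local ACL.
SAMPLE_LOG = """\
2007-03-21 15:01:10 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <gb30472@example.org>: Unknown user
2007-03-21 15:01:11 unexpected disconnection while reading SMTP command from (mail.example.net) [192.0.2.10]
2007-03-21 15:02:00 H=(mail.example.net) [192.0.2.10] F=<b@example.net> rejected RCPT <gb30473@example.org>: Unknown user
2007-03-21 15:03:30 H=mx.example.com [198.51.100.7] F=<c@example.com> rejected RCPT <typo@example.org>: Unknown user
2007-03-21 15:04:00 1HU2ab-0001cd-EF <= d@example.com H=mx.example.com [198.51.100.7] P=esmtp S=1234
"""

IP = r"\[([0-9a-fA-F.:]+)\]"
# Hypothetical weights: each pattern is one kind of "bad thing" a host can do.
RULES = [
    (re.compile(IP + r".* rejected RCPT <"), 1),
    (re.compile(r"unexpected disconnection while reading SMTP command from .*" + IP), 2),
]
THRESHOLD = 4  # hypothetical score at which a host gets listed

def score_hosts(lines):
    """Return a Counter mapping host IP -> accumulated score."""
    scores = Counter()
    for line in lines:
        for pattern, weight in RULES:
            match = pattern.search(line)
            if match:
                scores[match.group(1)] += weight
                break  # count each log line once
    return scores

def blocklist(scores, threshold=THRESHOLD):
    """IPs whose score reached the threshold, sorted for stable output."""
    return sorted(ip for ip, score in scores.items() if score >= threshold)

def write_blocklist(path, ips):
    """Write one IP per line; rename into place so readers never see a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.writelines(ip + "\n" for ip in ips)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the MTA user must be able to read it
    os.replace(tmp, path)

if __name__ == "__main__":
    print(blocklist(score_hosts(SAMPLE_LOG.splitlines())))
```

Because the scoring happens after the log line is written, this can only affect later connections, which is the limitation Wouter raises about acting during the connection itself.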