Re: [exim] Sender callout verification on BATV signed addres…

Top Page
Delete this message
Reply to this message
Author: David Saez Padros
Date:  
To: W B Hacker
CC: exim users
Subject: Re: [exim] Sender callout verification on BATV signed addresses
Hi

>> you need to read paniclog, extract lines with OLS_BLACKLIST and
>> blacklist the found ip addresses
>>
>
> BTDT,GTTS.
>
> Inserting them into a PostgreSQL table makes it easier to manage duplicates.
>
> But around 956,342 entries realized the 'bots had a finite, but far larger yet
> number of possible IP available to them, and it had become a fool's errand to
> try to blacklist them in that manner.
>
> To much load on local resources. Computer OR your own..


mmm ... we user mysql+cbd and have about 2 millions ip addresses blocked
without having load problems, the advantatge of having your own
blacklist (no matter how you blacklist ip's) is that using exim+cbd to
reject at connect is very fast, takes very little resources and saves
you a lot of resources doing other acl checks. With this system our
record waas to reject 1,5 million connexions per day without taking our
server down

--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       telf    +34 902 50 29 75
----------------------------------------------------------------