Author: W B Hacker Date: To: exim users Subject: Re: [exim] Sender callout verification on BATV signed addresses
David Saez Padros wrote:
> Hi
>
>>> you need to read paniclog, extract lines with OLS_BLACKLIST and
>>> blacklist the found ip addresses
>>>
>> BTDT,GTTS.
>>
>> Inserting them into a PostgreSQL table makes it easier to manage duplicates.
>>
>> But at around 956,342 entries I realized the 'bots had a finite, but far larger,
>> number of possible IPs available to them, and it had become a fool's errand to
>> try to blacklist them in that manner.
>>
>> Too much load on local resources. Computer OR your own..
>
> mmm ... we use mysql+cdb and have about 2 million IP addresses blocked
> without having load problems. The advantage of having your own
> blacklist (no matter how you blacklist IPs) is that using exim+cdb to
> reject at connect is very fast, takes very little resources and saves
> you a lot of resources doing other ACL checks. With this system our
> record was to reject 1.5 million connections per day without taking our
> server down.
>
Can you tell how many of those had already passed an rDNS check? (cached, ISTR)
And if not so checked, have you any metrics as to what the local lookup workload
vs the remote rDNS workload might have been?
NB: I DO use such a Local BL - but it is of entire networks or domains, even a
few whole countries - not individual IPs. Most of the time it holds only 300 to
600 unique entries.
Then too, chronic offenders get moved into ipfw or pf rulesets for even less load.
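The workflow the thread describes (pull OLS_BLACKLIST entries out of the paniclog, deduplicate the IPs, and feed a local blacklist that Exim checks at connect time with a cdb lookup), as an added illustration that is not code from either poster. The paniclog excerpt is constructed; only the OLS_BLACKLIST marker comes from the thread, and the position of the bracketed IP in each line is an assumption. The cdb and Exim file paths and the ACL name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: turn OLS_BLACKLIST paniclog entries
# into cdbmake(1) input for an Exim host-list lookup.
# Assumptions: the line layout below is constructed for illustration;
# only the "OLS_BLACKLIST" marker is taken from the discussion.

# Constructed sample paniclog excerpt (not real log data).
SAMPLE_PANICLOG='2009-07-14 10:01:02 OLS_BLACKLIST H=(foo) [203.0.113.7] rejected
2009-07-14 10:01:03 unrelated panic message
2009-07-14 10:02:10 OLS_BLACKLIST H=(bar) [198.51.100.23] rejected
2009-07-14 10:03:44 OLS_BLACKLIST H=(foo) [203.0.113.7] rejected
2009-07-14 10:04:00 OLS_BLACKLIST H=(baz) [192.0.2.250] rejected'

# extract_blacklist_ips: read paniclog text on stdin, print one unique
# IPv4 address per OLS_BLACKLIST line (duplicates collapse here, which is
# the "manage duplicates" step the thread otherwise does in a database).
extract_blacklist_ips() {
    grep 'OLS_BLACKLIST' | sed -n 's/.*\[\([0-9.]*\)\].*/\1/p' | sort -u
}

# to_cdbmake: convert one IP per line on stdin into cdbmake(1) input,
# i.e. "+klen,dlen:key->data" records terminated by a blank line.
# The data value is irrelevant for a host-list lookup; "1" is used.
to_cdbmake() {
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        printf '+%d,%d:%s->%s\n' "${#ip}" 1 "$ip" 1
    done
    printf '\n'
}

# build_cdb_input: the whole pipeline over the sample, printing cdbmake text.
build_cdb_input() {
    printf '%s\n' "$SAMPLE_PANICLOG" | extract_blacklist_ips | to_cdbmake
}

# On a real system (hypothetical paths, not run here):
#   build_cdb_input | cdbmake /etc/exim/blacklist.cdb /etc/exim/blacklist.tmp
# and in the Exim configuration, rejecting at connect before any other ACL work:
#   acl_smtp_connect = acl_check_connect
#   acl_check_connect:
#     deny  hosts   = cdb;/etc/exim/blacklist.cdb
#           message = Access denied
#     accept
```

In an Exim host list a single-key lookup such as `cdb;/file` is keyed on the connecting IP address, so the cdb only needs the address as key; if you want to block whole networks, as the reply above does, the keys would have to be CIDR strings and the lookup would use the `net-cdb;` form instead.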