Re: [exim] Internal RBL

Góra strony
Delete this message
Reply to this message
Autor: Dennis Davis
Data:  
Dla: Andrew Kerich
CC: exim-users
Temat: Re: [exim] Internal RBL
On Fri, 28 Jan 2011, Andrew Kerich wrote:

> From: Andrew Kerich <andykerich@???>
> To: exim-users@???
> Date: Fri, 28 Jan 2011 16:13:48
> Subject: [exim] Internal RBL
>
> Has anyone implemented an Internal RBL to automatically block and
> unblock spamming IPs within their network?
> I am looking at a scenario like the way Greylisting works -
> temporarily blocks sender IPs and maintains a database that updates
> when it temporarily whitelists the IP which then bypasses greylist
> checks.
>
> In my case, i would require a solution in exim that would do the following;
>
> 1. If a sending IP has a spam score in amavis > 20, more than x times,
> then it should be dumped in a database which exim will use to
> temporarily block the IP
> 2. If the sending IP has not attempted to spam again in x days, then
> the entry is expired in the database
> 3. If the sending IP attempts to spam again while an entry for the IP
> is in the database, then the entry should be extended in the database
> for another x days.
>
> Any ideas appreciated.


Consider using software outside of exim to do this.

Back in May 2006 Tom Kistner (exim developer) announced his
"timeban" software on the exim-users mailing list:

http://lists.exim.org/lurker/message/20060502.201702.5ae738bb.en.html

That was a small perl script that used Linux iptables to maintain a
list of blacklisted hosts. Exim never saw connections from these
hosts as iptables blocked them.

This script should be able to do some of what you want and may be
extendable to do all of it.

Obviously Linux-specific, but should be adaptable for other
operating systems with a similar firewalling system. I recall
getting it to work well with the packet filtering (pf) on OpenBSD.

timeban doesn't seem to be available as stated in the above message.
But it looks like there's a copy at:

http://www.linwin.com/sysadmin/timeban
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101