Autor: Moritz Wilhelmy Fecha: A: exim-users Asunto: Re: [exim] open relay aftermath
Hi,
On Mon, Feb 14, 2011 at 10:49:49AM +1300, Jim Cheetham wrote: > On 14/02/11 06:59, Moritz Wilhelmy wrote:
> > Just a stupid idea, but you could make exim append tcp_wrappers rules to
> > /etc/hosts.deny or whereever it's located after a failed relay attempt? (in
> > case you use tcp_wrappers, that is)
>
> Not a good idea to change Exim like that. Actually, I believe it doesn't require to "change" the exim code for that. You
just need to append to a file, which I believe, exim already supports. Exim
already knows where the relay attempt came from, and tcp_wrappers support
include-directives (according to hosts_access(5), it can include files), so
including a /var/run/exim/hosts.deny from within the global config would be
possible as well, if you don't want to give exim write permissions on the
global tcp_wrapper configuration file(s).
Any objections?
> There are plenty of third-party apps like Fail2Ban and Denyhosts that
> can be configured to read through your logfiles looking for attackers,
> and then do any tcpwrappers/firewall configuration that you like. Denyhost only supports failed SSH logins, I think.
Can't tell anything about fail2ban, but why run another daemon if exim is
sufficient? Especially denyhosts (which I run) is very resource hungry in my
experience.
