On 25.07.2012 17:25, Duane Hill wrote:
>> If I understood it correctly, this will create a file for each blocked
>> IP and check later if it exists.
> Incorrect. Only one file is used. Notice the double '>>'. Each IP is
> written to 'blocked_IPs'. A lookup is done somewhere else (I use the
> connect ACL).
>
acl_check_connect:
  drop message   = $sender_host_address locally blacklisted for a bruteforce \
                   auth (login+password) cracking attempt
       condition = ${if exists{$spool_directory/blocked_IPs}}
       condition = ${lookup{$sender_host_address}lsearch\
                   {$spool_directory/blocked_IPs}{1}{0}}

IMHO, that's even worse IO wise :(
Marius