Take a look at fail2ban.
--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net/
On Apr 17, 2015, at 7:50 PM, Always Learning <exim@???> wrote:
Exim 4.72 (Centos 6)
An MTA experienced 20 minutes (circa 1,722 attempts) of:
(from logwatch)
2015-04-17 22:56:16 SMTP protocol error in "AUTH LOGIN"
H=(SRV) [88.119.254.244]:50272 I=[xx.xx.xx.xx]:25 AUTH
command used when not advertised: 1 Time(s)
Have changed:-
smtp_accept_max = 5
smtp_accept_max_per_connection = 5
smtp_accept_max_per_host = 5
whilst assuming it will not prevent future abuse.
If I create acl_smtp_auth = acl_reject_auth
acl_reject_auth:
warn message = ${run{SHELL -c "PHP EXIM_ALERT
(code to block IP address in IPtables......)
deny message = (rejection message) ......
will this ACL only intercept log-on attempts ?
Thank you.
--
Regards,
Paul.
England, EU. Je suis Charlie.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
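
fail2ban, suggested in the reply above, matches log lines against a regular expression and bans an address once it produces enough matches inside a time window. The following is an added example, not code from the thread or from fail2ban, showing that logic for the "AUTH command used when not advertised" line quoted above; the names `max_retry` and `find_time`, the thresholds and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Peer IP = the bracketed address directly before the fixed tail (optionally
# followed by I=[...]), so brackets inside the client-chosen HELO are ignored.
AUTH_ERR = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) SMTP protocol error in "AUTH[^"]*" '
    r'H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?(?: I=\[[^\]]+\](?::\d+)?)? '
    r'AUTH command used when not advertised\s*$'
)

def parse(line):
    """Return (timestamp, peer_ip) for a matching log line, else None."""
    m = AUTH_ERR.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("ip")

def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """IPs that produced max_retry matching lines within find_time, in flag order."""
    recent, flagged = defaultdict(deque), []
    for hit in filter(None, map(parse, lines)):
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:  # drop hits older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged.append(ip)
    return flagged

PRE = 'SMTP protocol error in "AUTH LOGIN"'
TAIL = "AUTH command used when not advertised"
# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    f"2015-04-17 22:00:00 {PRE} H=(a) [203.0.113.77]:4000 I=[198.51.100.1]:25 {TAIL}",
    f"2015-04-17 22:20:00 {PRE} H=(a) [203.0.113.77]:4001 I=[198.51.100.1]:25 {TAIL}",
    f"2015-04-17 22:40:00 {PRE} H=(a) [203.0.113.77]:4002 I=[198.51.100.1]:25 {TAIL}",
    f"2015-04-17 22:56:16 {PRE} H=(SRV) [192.0.2.10]:50272 I=[198.51.100.1]:25 {TAIL}",
    f"2015-04-17 22:56:17 {PRE} H=(SRV) [192.0.2.10]:50273 I=[198.51.100.1]:25 {TAIL}",
    f"2015-04-17 22:56:18 {PRE} H=([203.0.113.77] x) [192.0.2.10]:50274 I=[198.51.100.1]:25 {TAIL}",
]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print("would ban", ip)
```

The last sample line carries another address inside the HELO string; the pattern still attributes it to the connecting peer, so a client cannot get a third party banned by naming it there.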