On 2016-04-29, Phillip Carroll <postmaster@???> wrote: > Hello all,
>
> My main idea now is to refuse connection using a much smaller
> self-maintained filter file that contains a list of IPs of "known bad
> actors". Where I am stymied on that is knowing how to add entries to the
> filter file inside exim, at the time AUTH is attempted (or perhaps other
> objectionable activity). I presume a custom logging file would not work
> because it would always be open while exim is running, so could not be
> opened for filtering.
>
> Any help appreciated (including better ideas).
consider fail2ban, or some other event-triggered ip firwall.