On 10/08/16 12:17, Dean Hamstead wrote: > Hi All
>
> Its easy enough to add a rule to the exim config to always reject
> connections which HELO ylmf-pc. However they still seem to hammer away.
>
> Has anyone come up with anything slick to block the ip address of
> clients that make a ylmf-pc request?
>
> Log tailing would be ok, but it seems that an external program could
> fairly easily be called (denyhosts or similar)
fail2ban works exceptionally well for blocking these attempts.
Can either have it specifically block their attempts on first
occurrence, and/or broaden the net to include any IP that repeatedly
fails to auth.