On Thu, 8 Aug 2019, Richard Jones via Exim-users wrote:
> From: Richard Jones via Exim-users <exim-users@???>
> To: exim-users@???
> Date: Thu, 8 Aug 2019 11:22:57
> Subject: Re: [exim] detecting overly frequent smtp from real user
> Reply-To: Richard Jones <exim@???>
...
> I did some work for Oxford University ages ago, and they used SEC to
> parse the logs, count up failed SMTP transactions for users/IP addresses
> and block once it exceeded a threshold.
>
> SEC was a bit messy, I would probably look at using Fail2Ban with a
> custom action script to do that now.
A long, long time ago -- back in 2006 -- Tom Kistner described how
he did this with a couple of perl scripts. See:
https://lists.exim.org/lurker/message/20060416.091402.c5100b67.en.html
and:
https://lists.exim.org/lurker/message/20060502.201702.5ae738bb.en.html
I remember using these perl scripts to good effect for a short
while.
The site holding the scripts seems to have disappeared, but I
*think* I've still got copies squirrelled away somewhere.
--
Dennis Davis <dennisdavis@???>