Re: [exim] detecting overly frequent smtp from real user

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dennis Davis
Date:  
À: Richard Jones via Exim-users
Sujet: Re: [exim] detecting overly frequent smtp from real user
On Thu, 8 Aug 2019, Richard Jones via Exim-users wrote:

> From: Richard Jones via Exim-users <exim-users@???>
> To: exim-users@???
> Date: Thu, 8 Aug 2019 11:22:57
> Subject: Re: [exim] detecting overly frequent smtp from real user
> Reply-To: Richard Jones <exim@???>


...

> I did some work for Oxford University ages ago, and they used SEC to
> parse the logs, count up failed SMTP transactions for users/IP addresses
> and block once it exceeded a threshold.
>
> SEC was a bit messy, I would probably look at using Fail2Ban with a
> custom action script to do that now.


A long, long time ago -- back in 2006 -- Tom Kistner described how
he did this with a couple of perl scripts. See:

https://lists.exim.org/lurker/message/20060416.091402.c5100b67.en.html

and:

https://lists.exim.org/lurker/message/20060502.201702.5ae738bb.en.html

I remember using these perl scripts to good effect for a short
while.

The site holding the scripts seems to have disappeared, but I
*think* I've still got copies squirrelled away somewhere.
--
Dennis Davis <dennisdavis@???>