On 2022-07-15, Evgeniy Berdnikov via Exim-users <exim-users@???> wrote:
> On Fri, Jul 15, 2022 at 01:54:56PM +0100, Julian Bradfield via Exim-users wrote:
>> I should like exim to drop the connection on a client AUTH failure.
>> (Because as soon it's seen in the log, fail2ban will DROP the client IP,
>> and so the exim process will hang around until the SMTP session times
>> out.)
>
> Note that fail2ban is not a realtime service, it scans logs in timely
> manner (typically by cron, every 10-15 min). So probability for active
> connection to be blocked by fail2ban is very low.
Yes, it is a realtime service, at least in my system.
> Nevetheless, if you want to keep active connections unblocked, you may
> insert before fail2ban's rules your own rule, which allows packets for
> established connection to be passed. Example for Linux:
>
> iptables -I INPUT 1 -p tcp -m multiport --destination-ports 25,465,587 \
> -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Ah, I'm not well up on iptables, so hadn't thought of that. Thanks!