[exim] Re: delay not kicking in

From: Julian Bradfield
Date:  
To: exim-users
Subject: [exim] Re: delay not kicking in
On 2023-06-04, Slavko via Exim-users <exim-users@???> wrote:
> But then there are RBLs which track botnets and/or login
> attempts. Have you enough capacity (a lot of servers/
> sensors/traps/... across the world) to identify them early?
> Or do you identify them only after some amount of malicious
> attempts?


I identify them after one failed login attempt :)

At present, I block addresses for 1 day, and usually have around 12000
blocked addresses at any one time. One ban every few seconds is not a
significant use of resource.

> It is not only about SPAM, phishing and other related
> attempts. Are you interested in getting the same scam
> from thousands of compromised IPs? How is it useful?


I'm a small MTA, handling only relatives and one small sports club.
So I'm not a particularly heavy target.

I checked the other day - I reject very little at MTA level, but at
MUA level, my personal mail is about 75% obvious spam (that gets sent
to /dev/null by one of half a dozen simple rules), about 12% less
obvious spam (that goes to my "maybe spam" box), and about 12% ham.
I was actually surprised at the 75% spam level, since I never see it
(and have never had a problem with a false positive).


> It is especially hard to track these bads, as when a botnet
> has a lot of IPs, they can repeat only after a long time, but
> still be too many different IPs daily. And the attackers


That's why I operate "one strike and you're out". This is occasionally
annoying when I'm setting up a new device and get the password wrong,
but I can live with that.

