From: Mathieu Roy
Date: Sat, 25 Feb 2006 23:09:37 +0000
To: exim-users
Subject: Re: [exim] spammers IP ban
Message-Id: <200602260009.41692 () eos ! attique ! ici>
X-MARC-Message: https://marc.info/?l=exim-users&m=114104264129402

On Friday 24 February 2006 20:18, Eric Fox wrote:
> I do something similar to this. When I've rejected a message as known
> spam, a log entry is posted in maillog. I then use logsurfer to monitor
> maillog for these entries. Logsurfer parses out the IP and passes it on
> to a script that temporarily adds a blocking rule to the firewall, and
> comes back a while later to remove the rule.
>
> This could probably also be done from a router & transport combination as
> well. I used logsurfer because I was already using it for other purposes.

Hello,

I found the idea of relying on a log checker interesting and I followed it to
write "See you later".

Basically, it studies logs and expects to find the string ++BAN:IP++. If it
finds this, it stores it in a mysql database. And then, another script
updates /etc/hosts.deny according to the database.

I did not spend time to work on integrating this more into Exim because
actually I prefer to have a rather simple exim setup, not embedding too many
things. And I was not prepared to spend time to write a client/server model
like spamc/spamd to make something that truly scales - and starting a new perl
process each time a spam is caught is a no go.

The drawback is the delay between the time the spam is caught and the actual
ban. But so far it seems to work properly.

https://gna.org/projects/seeyoulater/

Regards,

-- 
Mathieu Roy

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
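The log-scanning step described in the message, as an added example that is not part of the original post and is not the See you later code: it leaves out the MySQL stage and goes straight from ++BAN:IP++ markers to hosts.deny entries. The function names, the `ALL:` daemon list, the never-ban list and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# Marker described in the message: ++BAN:IP++ (IPv4 only in this sketch).
BAN_MARKER = re.compile(r"\+\+BAN:(\d{1,3}(?:\.\d{1,3}){3})\+\+")

# Assumption: networks that must never end up in hosts.deny, whatever the
# log says (here only loopback; a real list would hold your own relays).
NEVER_BAN = [ipaddress.ip_network("127.0.0.0/8")]

# Constructed sample log lines, not real Exim output.
SAMPLE_LOG = [
    "2006-02-25 23:01:12 rejected after DATA: spam ++BAN:192.0.2.10++",
    "2006-02-25 23:01:40 rejected after DATA: spam ++BAN:198.51.100.7++",
    "2006-02-25 23:02:03 rejected after DATA: spam ++BAN:192.0.2.10++",
    "2006-02-25 23:02:15 rejected after DATA: spam ++BAN:127.0.0.1++",
    "2006-02-25 23:02:31 rejected after DATA: spam ++BAN:999.1.1.1++",
    "2006-02-25 23:03:00 <= user@example.test H=mail.example.test",
]


def extract_bans(log_lines, never_ban=NEVER_BAN):
    """Return the sorted, de-duplicated addresses flagged in the log."""
    found = set()
    for line in log_lines:
        for raw in BAN_MARKER.findall(line):
            try:
                addr = ipaddress.IPv4Address(raw)
            except ValueError:
                continue  # marker present, but the payload is not a valid IP
            if any(addr in net for net in never_ban):
                continue  # refuse to ban protected networks
            found.add(addr)
    return sorted(found)


def hosts_deny_lines(addresses):
    """Render one tcp_wrappers rule per address (daemon list is assumed)."""
    return [f"ALL: {addr}" for addr in addresses]


if __name__ == "__main__":
    for rule in hosts_deny_lines(extract_bans(SAMPLE_LOG)):
        print(rule)
```

Validating the captured value and checking it against a never-ban list matters here because the ban list is driven by whatever text reaches the log.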