[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: Re: [exim] spammers IP ban
From: Mathieu Roy <yeupou () coleumes ! org>
Date: 2006-02-25 23:09:37
Message-ID: 200602260009.41692 () eos ! attique ! ici
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Le Vendredi 24 Février 2006 20:18, Eric Fox a écrit :
> I do something similar to this. When I've rejected a message as known
> spam, a log entry is posted in maillog. I then use logsurfer to monitor
> maillog for these entries. Logsurfer parses out the IP and passes it on
> to a script that temporarily adds a blocking rule to the firewall, and
> comes back a while later to remove the rule.
>
> This could probably also be done from a router & transport combination as
> well. I used logsurfer because I was already using it for other purposes.
Hello,
I found the idea of relying on logs checker interesting and I followed it to
write "See you later".
Basically, it studies logs and expect to find the string ++BAN:IP++. If it
founds this, it stores it in a mysql database. And then, another script
update /etc/hosts.deny according to the database.
I did not spent time to work on integrating this more into Exim because
actually I prefer to have a rather simple exim setup, not embedding too much
things. And I was not prepared to spend time to write client/server model
like spamc/spamd to make something that truly scale - and starting perl new
process each time a spam is caught is a no go.
The drawback is the delay between the time the spam is caught and the actual
ban.
But so far it seems to work properly.
https://gna.org/projects/seeyoulater/
Regards,
--
Mathieu Roy
+
| Thalie : <http://yeupou.coleumes.org/>
| Clio : <http://clio.coleumes.org/>
| Euterpe : <http://crap.is.free.fr/>
| <http://kromaniaks.coleumes.org/>
+-----------------------------------------------------------+
[Attachment #5 (application/pgp-signature)]
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic