[prev in list] [next in list] [prev in thread] [next in thread]
List: exim-users
Subject: Re: [exim] spammers IP ban
From: "Peter Bowyer" <peeebeee () gmail ! com>
Date: 2006-02-27 12:55:20
Message-ID: 56152ae90602270455q10dc8ab3n () mail ! gmail ! com
[Download RAW message or body]
On 25/02/06, Mathieu Roy <yeupou@coleumes.org> wrote:
> Le Vendredi 24 Février 2006 20:18, Eric Fox a écrit:
> > I do something similar to this. When I've rejected a message as known
> > spam, a log entry is posted in maillog. I then use logsurfer to monitor
> > maillog for these entries. Logsurfer parses out the IP and passes it on
> > to a script that temporarily adds a blocking rule to the firewall, and
> > comes back a while later to remove the rule.
> >
> > This could probably also be done from a router & transport combination as
> > well. I used logsurfer because I was already using it for other purposes.
>
> Hello,
>
> I found the idea of relying on logs checker interesting and I followed it to
> write "See you later".
>
> Basically, it studies logs and expect to find the string ++BAN:IP++. If it
> founds this, it stores it in a mysql database. And then, another script
> update /etc/hosts.deny according to the database.
I do something almost identical, except the final step is to list the
offending IP in a local DNSBL which runs under rbldnsd. Reloading
rbldnsd is low-cost (compared with updating iptables), so it can
happen once per minute if changes are detected.
Peter
--
Peter Bowyer
Email: peter@bowyer.org
Tel: +44 1296 768003
VoIP: sip:peter@bowyer.org
VoIP: *5048707000@sipbroker.com
FWD: **275*5048707000
VoipTalk: **473*5048707000
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic