
List:       exim-users
Subject:    Re: [exim] spammers IP ban
From:       "Peter Bowyer" <peeebeee () gmail ! com>
Date:       2006-02-27 12:55:20
Message-ID: 56152ae90602270455q10dc8ab3n () mail ! gmail ! com

On 25/02/06, Mathieu Roy <yeupou@coleumes.org> wrote:
> On Friday 24 February 2006 20:18, Eric Fox wrote:
> > I do something similar to this.  When I've rejected a message as known
> > spam, a log entry is posted in maillog.  I then use logsurfer to monitor
> > maillog for these entries.  Logsurfer parses out the IP and passes it on
> > to a script that temporarily adds a blocking rule to the firewall, and
> > comes back a while later to remove the rule.
> >
> > This could probably also be done from a router & transport combination as
> > well. I used logsurfer because I was already using it for other purposes.
>
> Hello,
>
> I found the idea of relying on a log checker interesting and I followed it to
> write "See you later".
>
> Basically, it studies logs and expects to find the string ++BAN:IP++. If it
> finds this, it stores it in a mysql database. And then, another script
> updates /etc/hosts.deny according to the database.

I do something almost identical, except the final step is to list the
offending IP in a local DNSBL which runs under rbldnsd. Reloading
rbldnsd is low-cost (compared with updating iptables), so it can
happen once per minute if changes are detected.

Peter

--
Peter Bowyer
Email: peter@bowyer.org
Tel: +44 1296 768003
VoIP: sip:peter@bowyer.org
VoIP: *5048707000@sipbroker.com
FWD: **275*5048707000
VoipTalk: **473*5048707000

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
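
The log-to-DNSBL flow described in this message, as an added example that is not code from the thread or from any poster's scripts: it scans log lines for ban markers, validates the addresses, and writes an rbldnsd ip4set data file only when the list changed. Assumptions: the marker carries the address in place of "IP" (e.g. ++BAN:192.0.2.10++), and the log lines, allowlist, listing text and file path are constructed for illustration.

```python
import ipaddress, os, re, tempfile

# Assumed marker shape: the thread's "++BAN:IP++" with IP replaced by the address.
BAN_RE = re.compile(r"\+\+BAN:([0-9A-Fa-f:.]+)\+\+")
# Hypothetical allowlist: networks that must never be listed (own hosts, relays).
NEVER_LIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

def extract_bans(lines):
    """Return the set of valid, non-allowlisted IPv4 addresses flagged in the logs."""
    bans = set()
    for line in lines:
        for raw in BAN_RE.findall(line):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # logs carry sender-supplied text; skip malformed values
            if ip.version == 4 and not any(ip in net for net in NEVER_LIST):
                bans.add(ip)
    return bans

def render_zone(bans, reason="Listed locally after spam rejection"):
    """ip4set data: a default ':A:TXT' line, then one listed address per line."""
    return "\n".join([f":127.0.0.2:{reason}"] + [str(ip) for ip in sorted(bans)]) + "\n"

def write_if_changed(path, content):
    """Atomically replace the data file only when it differs; True if written."""
    try:
        with open(path) as fh:
            if fh.read() == content:
                return False  # unchanged: no reload needed
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; the DNS daemon must read it
    os.replace(tmp, path)  # rename is atomic, so a reader never sees a partial file
    return True

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2006-02-27 12:40:01 H=(a.example) [192.0.2.10] rejected after DATA: spam ++BAN:192.0.2.10++",
    "2006-02-27 12:40:09 H=(b.example) [198.51.100.7] rejected RCPT: ++BAN:198.51.100.7++",
    "2006-02-27 12:41:15 H=(a.example) [192.0.2.10] rejected after DATA: spam ++BAN:192.0.2.10++",
    "2006-02-27 12:42:00 H=localhost [127.0.0.1] test entry ++BAN:127.0.0.1++",
    "2006-02-27 12:42:30 H=(c.example) [203.0.113.5] odd marker ++BAN:999.1.1.1++",
    "2006-02-27 12:43:00 1FDiAb-0001Xy-Ab <= user@example.org H=(d.example) [203.0.113.9]",
]

if __name__ == "__main__":
    zone = render_zone(extract_bans(SAMPLE_LOG))
    print(zone, end="")
    print("written:", write_if_changed("local-dnsbl.ip4set", zone))
```

Expiring old entries, which both quoted posters handle in their own ways, is left out here; it would be a timestamp kept alongside each address.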
