On 25/02/06, Mathieu Roy <[EMAIL PROTECTED]> wrote:
> On Friday 24 February 2006 20:18, Eric Fox wrote:
> > I do something similar to this. When I've rejected a message as known
> > spam, a log entry is posted in maillog. I then use logsurfer to monitor
> > maillog for these entries. Logsurfer parses out the IP and passes it on
> > to a script that temporarily adds a blocking rule to the firewall, and
> > comes back a while later to remove the rule.
> >
> > This could probably also be done from a router & transport combination as
> > well. I used logsurfer because I was already using it for other purposes.
>
> Hello,
>
> I found the idea of relying on a log checker interesting and I followed it to
> write "See you later".
>
> Basically, it studies logs and expects to find the string ++BAN:IP++. If it
> finds this, it stores it in a MySQL database. And then, another script
> updates /etc/hosts.deny according to the database.

I do something almost identical, except the final step is to list the
offending IP in a local DNSBL which runs under rbldnsd. Reloading
rbldnsd is low-cost (compared with updating iptables), so it can happen
once per minute if changes are detected.

Peter

--
Peter Bowyer
Email: [EMAIL PROTECTED]
Tel: +44 1296 768003
VoIP: sip:[EMAIL PROTECTED]
VoIP: [EMAIL PROTECTED]
FWD: **275*5048707000
VoipTalk: **473*5048707000

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
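
The pipeline discussed in this thread (scan the mail log for `++BAN:IP++`, keep temporary bans, publish them to `/etc/hosts.deny` or an rbldnsd zone), sketched as an added example that is not code from any poster or from "See you later". The log timestamp layout, the one-hour lifetime, the never-ban list and the function names are assumptions; the sample log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

BAN_MARKER = re.compile(r"\+\+BAN:([0-9.]{7,15})\+\+")
BAN_TTL = timedelta(hours=1)  # assumed lifetime of a temporary ban
# Assumed safety net: never list loopback or internal ranges.
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed sample log lines (timestamp format is an assumption).
SAMPLE_LOG = """\
2006-02-25 10:00:01 rejected known spam ++BAN:192.0.2.45++
2006-02-25 10:20:07 rejected known spam ++BAN:198.51.100.7++
2006-02-25 10:30:00 rejected known spam ++BAN:999.1.1.1++
2006-02-25 10:40:00 rejected known spam ++BAN:127.0.0.1++
2006-02-25 10:50:00 rejected known spam ++BAN:192.0.2.45++
"""

def collect_bans(log_text):
    """Return {ip: last_seen} for every well-formed, bannable marker."""
    bans = {}
    for line in log_text.splitlines():
        m = BAN_MARKER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))  # rejects 999.1.1.1
            seen = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # malformed address or timestamp: ignore the line
        if any(ip in net for net in NEVER_BAN):
            continue
        key = str(ip)
        bans[key] = max(seen, bans.get(key, seen))  # repeat hits extend the ban
    return bans

def active_bans(bans, now):
    """Addresses whose most recent hit is younger than BAN_TTL."""
    return sorted(ip for ip, seen in bans.items() if now - seen < BAN_TTL)

def render_ip4set(ips):
    """Data file for an rbldnsd ip4set zone: default value line, then IPs."""
    header = ":127.0.0.2:Temporarily listed after spam rejection"
    return "\n".join([header, *ips]) + "\n"

def render_hosts_deny(ips):
    """Equivalent tcp_wrappers entries for /etc/hosts.deny."""
    return "".join(f"ALL: {ip}\n" for ip in ips)
```

Writing the rendered file to a temporary name and renaming it into place keeps rbldnsd or tcp_wrappers from ever reading a half-written list.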
