Marc Perkel wrote: > Basicly my idea is that when a dictionary tack occurs I want to block > the IP address for a short period of time as a load reduction trick with > the chain being cleared every few minutes.
I've been doing this for a few months with very good results. Not to reduce the load, but unclutter the logs :) Everyone submitting spam or being matched against an RBL is put on the blacklist for five minutes. This does wonders for the log size and readability. I do this via a script I called "timeban". It's universal so it can be used for other blocking purposes as well. Handles management of a blocking chain. Can also manage counters per-IP so you can block IPs after multiple infractions ... useful for SSH dictionary "attacks" too. Maybe I'll write some short docs next week and put it in the wiki. /tom -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
