Take a look at fail2ban.

--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501 | Mobile - 850-890-2543
Fax - 850-254-2955 | Toll Free - 877-699-FLUX
Web - http://www.fluxlabs.net


On Apr 17, 2015, at 7:50 PM, Always Learning <[email protected]> wrote:


Exim 4.72 (CentOS 6)


An MTA experienced 20 minutes (circa 1,722 attempts) of:

(from logwatch)

   2015-04-17 22:56:16 SMTP protocol error in "AUTH LOGIN"
   H=(SRV) [88.119.254.244]:50272 I=[xx.xx.xx.xx]:25 AUTH
   command used when not advertised: 1 Time(s)

Have changed:-

   smtp_accept_max                   = 5
   smtp_accept_max_per_connection    = 5
   smtp_accept_max_per_host          = 5

whilst assuming it will not prevent future abuse.


If I create acl_smtp_auth = acl_reject_auth

  acl_reject_auth:

      warn message = ${run{SHELL -c "PHP EXIM_ALERT
                         (code to block IP address in iptables......)

      deny message = (rejection message) ......


will this ACL only intercept log-on attempts ?


Thank you.

--
Regards,

Paul.
England, EU.      Je suis Charlie.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
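
The kind of per-address counting that fail2ban performs on these log entries, shown as an added Python example (not from either poster and not fail2ban's own code): it counts "AUTH command used when not advertised" entries per source address in a sliding window. The sample lines, addresses, thresholds and function names are constructed for illustration, and the pattern assumes the log records the incoming interface (`I=[...]`) as in the excerpt above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Exim main-log entry of the shape quoted above (a single line in the log).
# The HELO name in H=(...) is client-supplied and may itself be a bracketed
# address, so the source IP is taken from the [addr]:port directly before I=[.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol error in "AUTH [^"]*" '
    r'H=.*\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? I=\['
    r'.*AUTH command used when not advertised'
)

def offenders(lines, max_hits=5, window=timedelta(minutes=10)):
    """Map each source IP to the time it reached max_hits within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unrelated log entry
        ts = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S')
        hits = recent[m['ip']]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget attempts older than the window
        if len(hits) >= max_hits:
            flagged.setdefault(m['ip'], ts)
    return flagged

def sample_line(ts, ip, helo='SRV'):
    """Build a constructed log line (documentation-range addresses only)."""
    return (f'{ts} SMTP protocol error in "AUTH LOGIN" H=({helo}) [{ip}]:50272 '
            'I=[192.0.2.25]:25 AUTH command used when not advertised')

SAMPLE = (
    [sample_line(f'2015-04-17 22:56:{s:02d}', '203.0.113.7') for s in range(10, 16)]
    + [sample_line('2015-04-17 22:00:00', '198.51.100.9'),    # two hits, 90 min apart
       sample_line('2015-04-17 23:30:00', '198.51.100.9')]
    + [sample_line('2015-04-17 22:57:00', '198.51.100.44', helo='[203.0.113.99]')]
    + ['2015-04-17 22:58:00 Start queue run: pid=4242']       # unrelated entry
)

if __name__ == '__main__':
    for ip, when in offenders(SAMPLE).items():
        print(f'{ip} reached the threshold at {when}')   # hand off to the firewall here
```

Here `max_hits` and `window` play the role of fail2ban's `maxretry` and `findtime` settings.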