On 30/04/16 09:38, Phillip Carroll wrote:
> Thanks for the suggestion.
>
> I looked at fail2ban some time back as something I might run on my site,
> but ultimately decided against. If I understand correctly, that utility
> rummages through various logs looking for problems and automatically
> applies solutions. Seems a rather roundabout way of dealing with my
> issue, whose parameters are already well known, and exim/smtp-specific.
> I had in mind more of a rifle approach rather than a hand grenade.
> (sorry for the violent metaphors)
>
> But, I am always somewhat leery of AI approaches to server management.
> However, maybe I have the wrong impression of fail2ban.

It's not so much AI, or automatic. You have to turn on exactly which tests and actions happen - filters (regex) & actions. In the case of the firewall ban, it only lasts as long as configured. The actions can be anything so you can also/instead notify yourself when someone is banned.

e.g. I firewall anyone for 60 minutes who
- uses AUTH when not advertised (exim log message)
- fails to use a valid username after X attempts (exim log message)
- can't get their password correct after X attempts (exim log message)

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
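
The filter-and-action model described in the reply above, as an added Python sketch (not fail2ban's code and not the poster's configuration): only lines matching an explicitly enabled regex are acted on, and the ban expires after the 60 minutes the post mentions. The log lines are constructed samples modelled on exim's mainlog format; MAXRETRY (the post's "X"), FINDTIME, and folding the username and password rules into one "authenticator failed" filter are assumptions.

```python
import re
from datetime import datetime, timedelta

BANTIME = timedelta(minutes=60)   # from the post: ban lasts 60 minutes
FINDTIME = timedelta(minutes=10)  # assumption: window for counting failures
MAXRETRY = 3                      # assumption: the post's "X attempts"

# Filters: (regex, hits needed). Lines matching none of these are ignored.
FILTERS = [
    (re.compile(r'\[(?P<ip>[\d.]+)\] AUTH command used when not advertised'), 1),
    (re.compile(r'authenticator failed for .*\[(?P<ip>[\d.]+)\]: 535 '), MAXRETRY),
]

# Constructed sample lines modelled on exim mainlog format (documentation IPs).
SAMPLE_LOG = """\
2016-04-30 09:00:01 SMTP protocol error in "AUTH LOGIN" H=(x) [203.0.113.5] AUTH command used when not advertised
2016-04-30 09:00:10 login authenticator failed for (y) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2016-04-30 09:00:20 login authenticator failed for (y) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2016-04-30 09:01:00 1awXyZ-0001Ab-2C <= user@example.org H=(z) [192.0.2.44] P=esmtp S=1234
2016-04-30 09:02:00 login authenticator failed for (y) [198.51.100.7]: 535 Incorrect authentication data (set_id=bob)
2016-04-30 09:30:00 login authenticator failed for (w) [192.0.2.9]: 535 Incorrect authentication data (set_id=al)
"""

def scan(log_text):
    """Return {ip: ban_expiry} for hosts that tripped a filter."""
    hits, bans = {}, {}
    for line in log_text.splitlines():
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        for idx, (regex, threshold) in enumerate(FILTERS):
            m = regex.search(line)
            if not m:
                continue
            key = (idx, m.group("ip"))
            # Keep only hits inside the counting window, then add this one.
            recent = [t for t in hits.get(key, []) if when - t <= FINDTIME]
            recent.append(when)
            hits[key] = recent
            if len(recent) >= threshold:
                bans[m.group("ip")] = when + BANTIME  # action: timed ban
    return bans

def banned_at(bans, when):
    """Hosts still banned at `when`; expired bans drop out on their own."""
    return sorted(ip for ip, expiry in bans.items() if when < expiry)

if __name__ == "__main__":
    print(banned_at(scan(SAMPLE_LOG), datetime(2016, 4, 30, 9, 30)))
```

The ordinary delivery line and the host with a single failed login never appear in the result, which is the narrow, configured behaviour the reply describes.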
