Quoting Phillip Carroll ([email protected]):
> Any help appreciated (including better ideas).

Use iptables & ipset if you want to block the IP-space of entire AS or CCs.
If you 'just don't care' for traffic from large amounts of IP-space you
don't want Exim to deal with that. Exim was built to deal with email, not
blocking/rejecting connections. ;)

 # ipset create CC_CN hash:net counters
 # ipset add CC_CN w.x.y.z/vv
   repeat for all of .CN's IP-space
 # iptables -I INPUT -m set --match-set CC_CN src -j DROP
   optionally add -p tcp --dport 25...

You can tell fail2ban to not use iptables to block connections but instead
use ipset. I personally use the 'hit once, be blocked for ever' approach and
have 'unban_action' set to '/bin/true'. There are roughly 13k IPs in my
fail2ban ipset. ;-)

Add some automation to this mix and you get:

[root@vm:~] # update-ipsets
Updating set as15975, type as, data 15975 ... no change in set
Updating set as16276, type as, data 16276 ... no change in set
Updating set as33258, type as, data 33258 ... no change in set
Updating set as39435, type as, data 39435 ... no change in set
Updating set as4320, type as, data 4320 ... no change in set
Updating set as63857, type as, data 63857 ... no change in set
Updating set ccCN, type cc, data CN ... changes were detected
Updating set ccHK, type cc, data HK ... changes were detected
Reload FW
Loading ipset AS_15975
Loading ipset AS_16276
Loading ipset AS_33258
Loading ipset AS_39435
Loading ipset AS_4320
Loading ipset AS_63857
Loading ipset CC_CN
Loading ipset CC_HK
Saving state of current fail2ban ipset.
Loading ipset fail2ban
Loading ipset local_filter
Done.

Add some graphs and https://8n1.org/11176/7a2c !

But this is getting off-topic rather quickly. :) Sorry for that.

Regards,
-Sndr.
--
| The world is so full of these wonderful things,
| i'm sure we should all be as happy as kings.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
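
One way to automate the "repeat for all of the IP-space" step from the message above, as an added example that is not the poster's update-ipsets script: it turns a prefix list into an `ipset restore` script that fills a temporary set and swaps it into the live one. The names gen_restore, sample_list and CC_XX are hypothetical, and the sample prefixes are constructed.

```shell
#!/bin/sh
# Added example. Set names and prefixes below are constructed; the prefixes are
# RFC 5737 documentation ranges, not real country or AS data.

# gen_restore SET < prefix-list
# Prints an `ipset restore` script that fills SET_new and swaps it into SET, so
# the live set is never half-loaded. Returns 1 and prints nothing if the list
# has no valid prefix (e.g. a failed download), so the old set stays in place.
# Apply the output as root with: ipset -exist restore < file
gen_restore() {
    awk -v live="$1" -v tmp="${1}_new" -F'[./]' '
        function ok(   i) {                      # well-formed IPv4 CIDR?
            if (NF != 5) return 0
            for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) return 0
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) return 0
            return ($5 + 0 <= 32)
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # drop comments and whitespace
        $0 == ""    { next }
        !ok()       { print "skipped invalid entry: " $0 | "cat 1>&2"; next }
        !seen[$0]++ { add[n++] = $0 }            # de-duplicate
        END {
            if (n == 0) exit 1
            print "create " live " hash:net counters"
            print "create " tmp " hash:net counters"
            print "flush " tmp
            for (i = 0; i < n; i++) print "add " tmp " " add[i]
            print "swap " tmp " " live
            print "destroy " tmp
        }'
}

# Constructed sample input: one duplicate and two invalid entries.
sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.0/24   # trailing comment
198.51.100.0/24
203.0.113.0/33
not-a-prefix
EOF
}

# Demo: print the restore script for the sample list (no root needed).
sample_list | gen_restore CC_XX
```

The iptables rule from the message keeps matching on the set name while the contents are swapped underneath it, so the rule itself does not need to be reloaded for a content update.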
