On 10/08/16 12:17, Dean Hamstead wrote: > Hi All > > Its easy enough to add a rule to the exim config to always reject > connections which HELO ylmf-pc. However they still seem to hammer away. > > Has anyone come up with anything slick to block the ip address of > clients that make a ylmf-pc request? > > Log tailing would be ok, but it seems that an external program could > fairly easily be called (denyhosts or similar)
fail2ban works exceptionally well for blocking these attempts. Can either have it specifically block their attempts on first occurrence, and/or broaden the net to include any IP that repeatedly fails to auth. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
