On Thu, 8 Aug 2019, Richard Jones via Exim-users wrote: > From: Richard Jones via Exim-users <[email protected]> > To: [email protected] > Date: Thu, 8 Aug 2019 11:22:57 > Subject: Re: [exim] detecting overly frequent smtp from real user > Reply-To: Richard Jones <[email protected]>
... > I did some work for Oxford University ages ago, and they used SEC to > parse the logs, count up failed SMTP transactions for users/IP addresses > and block once it exceeded a threshold. > > SEC was a bit messy, I would probably look at using Fail2Ban with a > custom action script to do that now. A long, long time ago -- back in 2006 -- Tom Kistner described how he did this with a couple of perl scripts. See: https://lists.exim.org/lurker/message/20060416.091402.c5100b67.en.html and: https://lists.exim.org/lurker/message/20060502.201702.5ae738bb.en.html I remember using these perl scripts to good effect for a short while. The site holding the scripts seems to have disappeared, but I *think* I've still got copies squirrelled away somewhere. -- Dennis Davis <[email protected]> -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
