Patrick Shanahan wrote: > a little quote trimming would be nice :^) > > from my logs: > > /var/log/mail: > Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from > edu194.internetdsl.tpnet.pl[83.14.202.194] > Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from > edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; > Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see > http://www.spamcop.net/bl.shtml?83.14.202.194; from=<[EMAIL PROTECTED]> > > /var/log/fail2ban: > 2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban > 83.14.202.194 > > Interesting - but with RBLs you sometimes have innocent senders tarred with the same brush as the spammers, so if it's problematic to ban based on the RBLs. Count on it, some law office in Brazil will send an urgent and business critical message, and be banned due to an unfortunate choice of ISP. Managers will be angry. In a number of environments we've removed RBLs as a front line sanity check because, like SPF, they sometimes block important and legitimate messages. In other words, we're decided to use SPF and RBLs as factors in spamassassin scoring, rather than a binary decision at the perimeter. The other sanity checks are already enough to block more than half the attempted messages from even getting to the spamassassin servers.
For home use fail2ban is probably fine though - aunt myrtle won't complain if her message is delayed. Joe -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
