On 2015-01-28 04:24, Peter Hodur wrote: > Wietse in last email ask me "How much delay can you tolerate?". The answer > is: no delay :) Reason is, that only single email to tarpit address can get > IP address to blacklist. Only single email can hurt our custommer service > with tons of custommer complains about deliveriability.
I don't know about the rest of your infrastructure but SEC [1], OSSEC [2] or Logsurfer [3] should be able to almost instantly execute actions based on log messages. If you have to scale this out, you can use a message bus or a syslog software with load balancing. Regards, Matthias-Christian [1] http://simple-evcorr.sourceforge.net/ [2] http://www.ossec.net/ [3] http://www.crypt.gen.nz/logsurfer/
