Yes, but in this case there are no bad entries. The spammer has the
password.
I suppose F2B might check for a number of submissions in a given time
period, but blocking and unblocking could get to be cumbersome.
I suppose a throttle could be put on qmail-smtp to limit submissions.
The problem there though is disturbing users who occasionally might
actually submit several emails in a short period of time. By throttling
qmail-remote instead, there's no negative impact on the users. Only that
delivery is delayed slightly when they fire off a bunch of emails in a
short period of time.
--
-Eric 'shubes'
On 02/16/2014 02:46 PM, Finn Buhelt wrote:
Hi Eric.
You can have Fail2ban check Your logs for bad entries that happens
within a given period of time and then ban the IP address (Ip tables).
Let Fail2ban check on the LAN ip address that is submitting the email in
the submit log and then take action when Your tresholds are triggered -
maybe not ban the ip adress (LAN) - send an email to sysadmin or lift
the ban after 10 min.
Regards,
Finn
Den 16-02-2014 21:03, Eric Shubert skrev:
I don't see how fail2ban would be of any help with this. Can you
elaborate?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
