On 02/22/2014 01:50 AM, Tony White wrote:
Hi folks,
   Is this a viable option please?

90% of the SPAM I am getting lately always returns
DENIED_RDNS_MISSING
or
DENIED_RDNS_RESOLVE

   In all cases the email From User is the same as the Recipient
but with prefix or postfix characters.
   Can we perhaps use this to build a script to test denied messages
and maybe the username similarity then put the ip address in the
iptables as a "drop"?


Given that this would not improve the effectiveness at all, but would only (ever so slightly) reduce the load on the server, do you think it'd be worth the effort? Is your host suffering from a heavy load?

Also, I'd be a little concerned that these spam attempts would then be more difficult to measure. They could be logged before being dropped, but then whatever mechanism that gathers spam stats would have one more thing to count.

It's not a terrible idea though. I wonder if fail2ban could be configured to count DENIED_RDNS messages for each IP address, and if there were more than a certain number of failed attempts in a given time period, then block the IP address.

I'd like to hear from anyone with more familiarity with F2B than myself about this possibility. This might be an additional F2B configuration we could include.

--
-Eric 'shubes'


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to