Yes, you can do this and it will reduce the load on the server.  When you're hit with a spam message that has no RDNS and they are sending hundreds or thousands to your server it will stop them after x attempts and ban them for x hours/days.  This will reduce the load on Spamdyke and in turn your server.  Like you say it might not be a lot, but it sure feels good!


On 02/22/2014 09:18 AM, Eric Shubert wrote:
On 02/22/2014 01:50 AM, Tony White wrote:
Hi folks,
   Is this a viable option please?

90% of the SPAM I am getting lately always returns
DENIED_RDNS_MISSING
or
DENIED_RDNS_RESOLVE

   In all cases the email From User is the same as the Recipient
but with prefix or postfix characters.
   Can we perhaps use this to build a script to test denied messages
and maybe the username similarity then put the ip address in the
iptables as a "drop"?


Given that this would not improve the effectiveness at all, but would only (ever so slightly) reduce the load on the server, do you think it'd be worth the effort? Is your host suffering from a heavy load?

Also, I'd be a little concerned that these spam attempts would then be more difficult to measure. They could be logged before being dropped, but then whatever mechanism that gathers spam stats would have one more thing to count.

It's not a terrible idea though. I wonder if fail2ban could be configured to count DENIED_RDNS messages for each IP address, and if there were more than a certain number of failed attempts in a given time period, then block the IP address.

I'd like to hear from anyone with more familiarity with F2B than myself about this possibility. This might be an additional F2B configuration we could include.


--

Reply via email to