On Wed, 8 Feb 2006, Robert Spier wrote:
I think what we need is a "three-strikes" meta plugin: if a remote MTA
has been sent a DENY_SOFT or DENY and continues to attempt the send a
One of the things on my eternally long list is a throttling system.
If you connect too often, too fast, go away!
On linux at least, iptables already does that effectively and efficiently.
I have not seen a simple writeup of how to do this with iptables.
Pointers welcome.
According to http://www.debian-administration.org/articles/187 it can be
done:
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP
But I would be a bit wary of using iptables for something like this unless
I was familiar with the appropriate thresholds for the duration and
hitcount. I could only see this being helpful when the hitcount/duration
threshold is something like 10 to 1, any other time you risk a false
positive from a boundary case that hasn't been considered.
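To make the threshold trade-off discussed above concrete, here is an added Python model of the two-rule `recent` setup from the thread; it is example code written for this page, not something posted by any participant. It assumes the semantics I read from the xt_recent documentation: the `--update` rule is evaluated first (both rules are inserted with `-I`, so the second command lands at the top of the chain), it matches when the source already has at least `hitcount` timestamps inside the last `seconds`, and a matching packet adds its own timestamp before being dropped; a non-matching packet falls through to `--set`, which records a timestamp. The source addresses and connection timings are constructed sample data.

```python
from collections import defaultdict, deque

class RecentList:
    """Simplified model of the netfilter 'recent' match: one list of
    timestamps per source address. Assumption: the real module also caps
    the number of stored stamps per address; that cap is not modelled."""

    def __init__(self, seconds, hitcount):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(deque)

    def update_matches(self, src, now):
        """--update --seconds S --hitcount N: match when src is listed and
        at least N earlier stamps fall within the last S seconds. On a
        match the current packet's stamp is added as well, so a host that
        keeps retrying while blocked keeps extending its own block."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= self.seconds)
        if hits >= self.hitcount:
            self.stamps[src].append(now)
            return True
        return False

    def set(self, src, now):
        """--set: record this connection attempt for src."""
        self.stamps[src].append(now)


def filter_connections(attempts, seconds=10, hitcount=10):
    """Run (time, src) connection attempts through the rule pair in chain
    order: the DROP rule (--update) first, then --set. Returns a list of
    (time, src, verdict) tuples, with ACCEPT meaning 'not dropped here'."""
    recent = RecentList(seconds, hitcount)
    verdicts = []
    for now, src in attempts:
        if recent.update_matches(src, now):
            verdicts.append((now, src, "DROP"))
        else:
            recent.set(src, now)
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


def summarize(verdicts):
    """Per-source (accepted, dropped) counts, handy for tuning thresholds."""
    totals = defaultdict(lambda: [0, 0])
    for _, src, verdict in verdicts:
        totals[src][0 if verdict == "ACCEPT" else 1] += 1
    return {src: tuple(counts) for src, counts in totals.items()}


# Constructed scenarios (addresses from the documentation ranges).
BURSTY = "198.51.100.7"   # opens 12 connections in just over a second
POLITE = "203.0.113.5"    # one connection every two seconds

# A burst, then two later retries: at t=6 every earlier stamp is still
# inside the 10 s window, so the retry is dropped and re-stamped; by t=12
# only the t=6 stamp remains in the window, so the next retry gets through.
BURST_THEN_RETRY = [(0.1 * i, BURSTY) for i in range(12)] + [(6.0, BURSTY), (12.0, BURSTY)]
STEADY = [(2.0 * i, POLITE) for i in range(30)]

if __name__ == "__main__":
    for now, src, verdict in filter_connections(BURST_THEN_RETRY + STEADY):
        print(f"t={now:5.1f}  {src:14}  {verdict}")
    print(summarize(filter_connections(BURST_THEN_RETRY + STEADY)))
```

Running it shows the boundary case the last message warns about: a legitimate relay that happens to open its 11th connection within the window is dropped just like an abuser, and because each dropped attempt is also timestamped, an MTA that retries quickly keeps itself blocked until it backs off for longer than `--seconds`. Try the numbers your own peers actually produce before choosing `--seconds`/`--hitcount`.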