Boris gave a nice jail definition for spamdyke. He references the following article: http://notes.benv.junerules.com/all/software/qmail-spamdyke-and-fail2ban/
On reading the article, Benv reports that he had a currently banned count of 1987.

Perhaps I have a misunderstanding of how fail2ban works. But what I think this means is that 1987 separate iptables rules have been added, one for each offending IP address. I also think that, as it's currently set up, EVERY packet, regardless of type, protocol, or port, that comes into your mailserver will be checked against this ever-growing list of IP addresses. I would think that if your mail server is also being used as your name, web, and/or NTP server, then each one of those services will be unnecessarily slowed down by this check.

I'm wondering if the action to be used here would be iptables[name=SPAM protocol=TCP port=25]

Thoughts?

Tony

>Message: 5
>Date: Mon, 23 Aug 2010 14:25:33 +0200
>From: Boris Hinzer <[email protected]>
>Subject: Re: [spamdyke-users] Does one blacklisted address kill the
> delivery?
>To: spamdyke users <[email protected]>
>Message-ID: <[email protected]>
>Content-Type: text/plain; charset=us-ascii
>
>Here goes my /etc/fail2ban/jail.local :
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
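
A model of the question raised in the message above, as an added example that is not part of the original post and is not fail2ban's code: it counts how many rules a packet is compared against when a single INPUT rule jumps to a per-address ban chain, with that jump either unrestricted or limited to TCP port 25. The chain layout (one jump rule, one rule per banned address, a trailing RETURN), the function names and every address are assumptions constructed for illustration.

```python
"""Model of linear rule traversal for a per-address ban chain (added example)."""
from ipaddress import IPv4Address


def make_ban_chain(count):
    # Constructed sample data: `count` banned sources starting at 10.0.0.1.
    base = int(IPv4Address("10.0.0.1"))
    return [str(IPv4Address(base + i)) for i in range(count)]


def rules_evaluated(packet, jump_match, ban_chain):
    """Return (verdict, rules compared) for one packet.

    jump_match describes the single INPUT rule that jumps to the ban chain:
    {"protocol": "tcp", "port": 25} for a port-restricted jump, or
    {"protocol": None, "port": None} for a jump that matches every packet.
    "PASS" means the packet continues to the rest of INPUT.
    """
    checked = 1  # the jump rule itself is always compared
    proto_ok = jump_match["protocol"] in (None, packet["protocol"])
    port_ok = jump_match["port"] in (None, packet["dport"])
    if not (proto_ok and port_ok):
        return "PASS", checked            # ban chain is never entered
    for banned in ban_chain:              # linear scan, one rule per address
        checked += 1
        if banned == packet["src"]:
            return "DROP", checked
    return "PASS", checked + 1            # trailing RETURN rule


ALL_PORTS = {"protocol": None, "port": None}   # assumed unrestricted jump
SMTP_ONLY = {"protocol": "tcp", "port": 25}    # assumed port-restricted jump


def compare(packet, ban_chain):
    """Rule-comparison cost of the same packet under both jump rules."""
    return {
        "all_ports": rules_evaluated(packet, ALL_PORTS, ban_chain),
        "smtp_only": rules_evaluated(packet, SMTP_ONLY, ban_chain),
    }


if __name__ == "__main__":
    chain = make_ban_chain(1987)  # ban count quoted in the message
    dns = {"src": "192.0.2.10", "protocol": "udp", "dport": 53}
    smtp = {"src": "192.0.2.10", "protocol": "tcp", "dport": 25}
    print("DNS query :", compare(dns, chain))
    print("SMTP conn :", compare(smtp, chain))
```

On a live host, `iptables -S INPUT` shows whether the jump into the ban chain carries `-p` and `--dport` matches.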
