Hi Tony, You're right, the action should be like you mentioned if you just want to prevent spam.
Andreas Am Dienstag, 24. August 2010 00:20:46 schrieb Anthony Ercolano: > Boris give a nice jail definition for spamdyke. > > He references the following article: > http://notes.benv.junerules.com/all/software/qmail-spamdyke-and-fail2ban/ > > On reading the article, Benv reports that he had a currently banned count > of 1987. Perhaps I have a misunderstanding of how fail2ban works. But, > what I think this means is that 1987 separate iptable rules have been > added. One for each offending ip address. I also think as it's currently > set up, EVERY packet, regardless of type, protocol, or port, that comes > into your mailserver will be checked against this ever growing list of ip > address. I would think that if your mail server is also being used as > your name, web, and/or ntp server then each one of those services will be > unnecessarily slowed down buy this check. > > I'm wondering if the action to be used here would be iptables[name=SPAM > protocol=TCP port=25] > > Thoughts? > > Tony > > >Message: 5 > >Date: Mon, 23 Aug 2010 14:25:33 +0200 > >From: Boris Hinzer <[email protected]> > >Subject: Re: [spamdyke-users] Does one blacklisted address kill the > > delivery? > >To: spamdyke users <[email protected]> > >Message-ID: <[email protected]> > >Content-Type: text/plain; charset=us-ascii > > > >Here goes my /etc/fail2ban/jail.local : > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
