[SLL] Greylisting downsides: Solutions?
Andrew Sweger
andrew at sweger.net
Tue Jun 12 21:44:53 PDT 2007
On Tue, 12 Jun 2007, Jeremy C. Reed wrote:
> It may be useful to detect random stuff -- maybe some count of repeated
> failures for unknown names within some time frame from same sending host.
> Anyone do anything like that?
I'm not certain, but I suspect fail2ban can be configured for this
purpose. Normally, and by default on Debian, fail2ban watches for failed
ssh logins. After some number of failed attempts (in a window of time)
from the same source, it adds that address to a block list in iptables
(for a configurable amount of time). I know that it can be configured to
tail just about any log file and trigger actions on matching regex's. But
I haven't really dug into it to know for sure if it would work well for
email.
--
Andrew B. Sweger -- The great thing about multitasking is that several
things can go wrong at once.
More information about the linux-list
mailing list