Greg Kuhnert <gkuhnert@...> writes: > > DFIX2 has a feature where it looks at multiple forged email messages from a single ip address, and blocks > them for an hour if detected... > > But as suggested here - there is a risk of false positives. Impact with the dfix2 solution: For your average > mail sender, it will let the first couple of messages like this through - if they keep trying to send - it will > block for one hour. In my case, it works just fine :) > > Greg. > > On 4 Nov 2013, at 3:20 pm, webmaster <webmaster@...> wrote: > > > > > > > I have used procmail to filter on <May be forged> > > > > It caught many many many many spams however...... it also picked off > > some legit mail > > > > I had to disable it. Too many customers were complaining > > > > I would love to implement again because it worked great! > > > I wonder which way is better? I’m using fal2ban right now, with the setup from my previous post, and it processed 100s overnight. 90 plus of them originated from 74.117.209.x and 74.117.210.x IP addresses, starting our around 5 for the last number and going all the way to 230. I don’t like all the warning emails fail2ban sends. But I can disable that once I am sure I’m not blocking too many innocents. I’m not overly concerned because the ban/block lasts about 10 minutes and then releases until the next 3 attempts by the offending IP. I like that temp ban feature, in case it does block a valid IP address. So far it's doing exactly what I need it to do with no issues so far. Thanks Tom
_______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx