thus spoke Yaroslav Halchenko <[EMAIL PROTECTED]> [2006.07.12.0449 +0200]:
> Maybe I got your comment wrong: are you suggesting to block all 5xx
> codes?

Maybe not all. But only 5xx codes, never 4xx ones.

> "Sender address rejected" can be caused by 450 Domain not found...
> should not we use it?

If that happens, then it'll be a 4xx "reject". Postfix will not reject the sender if the domain lookup is a 450, I think.

> And we better just block only limited set of 5xx since there are
> legitimate ones such as
> 552 Requested mail action aborted: exceeded storage allocation

Right.

> Another point/question is: should I simply rely on codes or symbolic
> messages as well?
> Most probably it would be better to rely on the codes instead of error
> messages themselves since they can change...

So can the codes, and without extended error codes, it's not possible to e.g. say what a 554 is.

> Although "Relay access denied" seems to be used in reporting to
> multiple error codes, so probably it would be useful to have the
> string

Yeah, exactly.

> > See above, but if you include 5xx it should be okay. Anyway, still,
> just once again - do you mean include all of 5xx or just provide the
> codes for already mentioned in the failregex?

Just make sure that any message that would cause fail2ban to block an IP includes a 5xx and not a 4xx.

-- 
Please do not send copies of list mail to me; I read the list!

 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
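
The rule the reply ends on, as an added example that is not part of the original message and not fail2ban's own filter: a Postfix reject counts toward a ban only when the reply code is 5xx and the reason is one of the strings named in the thread. The log lines are constructed, and the regex, function names and reason list are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed Postfix smtpd log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jul 12 04:49:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <bob@example.net>: Relay access denied; from=<a@example.com> to=<bob@example.net> proto=SMTP helo=<x>
Jul 12 04:49:05 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <eve@example.net>: Relay access denied; from=<a@example.com> to=<eve@example.net> proto=ESMTP helo=<x>
Jul 12 04:50:12 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 450 <u@nodns.example>: Sender address rejected: Domain not found; from=<u@nodns.example> to=<bob@example.net> proto=ESMTP helo=<mail.example.org>
Jul 12 04:51:30 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from host[203.0.113.5]: 552 <bob@example.net>: Requested mail action aborted: exceeded storage allocation; from=<c@example.com> to=<bob@example.net> proto=ESMTP helo=<host>
Jul 12 04:52:44 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from host[203.0.113.9]: 550 <d@bad.example>: Sender address rejected: Domain not found; from=<d@bad.example> to=<bob@example.net> proto=ESMTP helo=<host>
"""

# Client address, 3-digit reply code, optional enhanced status code, reason text.
REJECT = re.compile(
    r"reject: \S+ from \S*\[(?P<host>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>[45]\d\d) (?:(?P<enh>[245]\.\d{1,3}\.\d{1,3}) )?"
    r"(?:<[^>]*>: )?(?P<text>[^;]+);"
)

# Reason strings taken from the thread; the code alone does not say what a 554 is.
BAN_REASONS = ("Relay access denied", "Sender address rejected")


def classify(line):
    """Return (host, code, counts_as_failure), or None if the line is not a reject."""
    m = REJECT.search(line)
    if m is None:
        return None
    permanent = m["code"].startswith("5")  # 4xx is temporary: never ban on it
    known = any(m["text"].startswith(reason) for reason in BAN_REASONS)
    return m["host"], m["code"], permanent and known


def failures(log):
    """Count ban-worthy rejects per client address."""
    hits = Counter()
    for line in log.splitlines():
        result = classify(line)
        if result and result[2]:
            hits[result[0]] += 1
    return hits


if __name__ == "__main__":
    for host, count in failures(SAMPLE_LOG).items():
        print(host, count)
```

The same "Sender address rejected: Domain not found" text appears once with 450 and once with 550 in the sample; only the 550 is counted, and the 552 is skipped because its reason is not on the list.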