On 11/23/2005 12:30 AM, Tony Godshall wrote: > > Hi folks. > > I've been using Exim since I started doing e-mail on my Debian box > many years ago. But I never was able to really get into its configs- > the docs are kind of hard to grok for me. And the exim4 configs > really make my brain hurt... I can't tell where the settings are > without doing a 'grep ptn /etc/default/exim* /etc/exim4.config $(find > /etc/exim4/. -type f)' and event then I have trouble. Thank goodness > the dpkg reconfigure does a good job. > > Anyhow, I've had a domain for a decade where my hosting svc used to > forward *all* e-mail to me, and spammers made up usernames and passed > them around. Ultimately the load became too heavy for his servers > and he wasn't inclined to fix the config, so I pointed the MX to my > DSL line and took it inhouse- Exim handles it very well. > > Getting to the point, I now have tons of "Unroutable address" logs > like this in my /var/log/exim4/mainlog... > > 2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net > (thesitefights.com) [63.195.120.242] > F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: > Unrouteable address > > What I'd love to do is trigger an action in those cases- something > like .. > > echo 63.195.120.242 \ >> /proc/net/ipt_recent/smtp_penalty_box > > ...which would trigger something like... > > iptables -A INPUT \ -m recent --name smtp_penalty_box --rcheck > --seconds 60 \ -j DROP > > ...and effectively block that sender for a minute. > > Yes, I know about tarpit, and it's cool, but I don't really want to > do a complete tarpit in these circumstances (it could trigger in > legit cases too)- I want to slow down senders who are using logs of > made-up addresses. > > So my question is... Can you tell me or point me toward where I > would put my "echo to the penalty box" in the Exim4 configs? > > Best Regards, > > Tony
Just a guess: Use fail2ban, point it to exim4/mainlog, set /etc/fail2ban.conf to trigger 'Unrouteable' to ban the offending IP (uses iptables). Regards. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]