On Thu, Dec 15, 2005 at 10:49:20PM +0100, Jan Pieter Cornet wrote: > An easier solution might be to have a process tail(1) your logfile and > take action on the information there. I think I've even seen something > like that: more than x invalid recipients, and you're firewalled away.
This works quite well for us. We have some stuff that tallies good/bad recipients over a period and if it crosses the threshold the remote host gets null routed for something like 10 minutes. We also trigger the null route on a few other errors indictive of a spam bot (or really broken SMTP server.) Under heavy rumplestiltskin attacks I've had over 5k IPs null routed on each of my MX servers. Usually runs around 30-50. -- Kelsey Cummings - [EMAIL PROTECTED] sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407 _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang