On 01/07/10 18:43, lee wrote:
On Thu, Jul 01, 2010 at 03:58:24PM +0100, Alan Chandler wrote:first /etc/fail2ban/jail.local to define the jail for exim (as it is not included as standard in the Debian configuration). This just required a few simple linesOne downside seems to be that it creates lots of exim processes, and I am not sure why yet. It may be open connections with dropping data as a result of the recently added iptables ruleJust to be curious, what is the thinking/idea/advantage behind disallowing connections by firewall rules instead of denying the relaying or blacklisting the originating IPs through exims configuration?
I would like to cause as much disruption to these guys as possible. My thinking was that an immediate "Relay not permitted" allows them to move on and try the next one (or worse just repeating with another address on MY connection - which I have discovered is what they like to do). On the other hand just dropping the packets means that they have to timeout the connection before they can move on.
After all, all this bandwidth hitting my connection does make it harder for people to get a good response from my other services such as my web site.
I am just a personal individual sitting at the end of my ISP's broadband connection.
-- Alan Chandler http://www.chandlerfamily.org.uk