Re: Deterring mail relay attempts

To: debian-user@lists.debian.org
Subject: Re: Deterring mail relay attempts
From: Chris Davies <chris-usenet@roaima.co.uk>
Date: Wed, 30 Jun 2010 15:48:04 +0100
Message-id: <[🔎] 422sf7x5pg.ln2@news.roaima.co.uk>
Reply-to: chris@roaima.co.uk
References: <[🔎] 4C28DA0B.9090002@chandlerfamily.org.uk> <[🔎] 2hvof7xs3l.ln2@news.roaima.co.uk> <[🔎] 4C29E971.9080901@chandlerfamily.org.uk>

Alan Chandler<alan@chandlerfamily.org.uk> wrote:
> I have just moved my mail server (exim4 split config based) from one
> machine to another, and in doing so started examining the logs.  I am
> being hit with multiple attempts to relay - several a second.  They come
> in bursts from one host, then come from somewhere else.

On 29/06/10 11:46, Chris Davies wrote:
> Fail2ban is remarkably good at helping deter probes such as relay
> attempts [...]

Alan Chandler <alan@chandlerfamily.org.uk> wrote:
> I suppose that I can pick up the IP addressed from
> /var/log/exim4/rejectlog and then use an iptables chain [..]

Actually, fail2ban does this automatically for you. It adds a DROP for
the source IP address into its own fail2ban chain. (And later removes
them after a configurable period of time.)

Chris

Reply to:

References:
- Deterring mail relay attempts
  - From: Alan Chandler <alan@chandlerfamily.org.uk>
- Re: Deterring mail relay attempts
  - From: Chris Davies <chris-usenet@roaima.co.uk>
- Re: Deterring mail relay attempts
  - From: Alan Chandler <alan@chandlerfamily.org.uk>

Prev by Date: Re: nouveau prob with 2nd card
Next by Date: caught flatfooted with a 2wire gateway model 4011G
Previous by thread: Re: Deterring mail relay attempts
Next by thread: how to set up a wireless access point
Index(es):
- Date
- Thread