On 10/4/07, Steven Kurylo <sk@infinitepigeons.org> wrote:
> > Then use the Spamhaus blacklist to reject the message after receiving the body. You'll be tying up a connection for a bit longer, but if you do it before more intensive tests like SpamAssassin, you still minimize your resource utilization as much as possible.
>
> Thats an interesting idea. I could check spamhause after the data
> acl, and issue a 5xx, while delivering the message to the spam
> mailbox. I'll have to go read the exim docs...
So I'll still look into that, but what I did for now was have exim
drop connections listed with pbl.spamhaus.org. If a host on that list
tries to connect more than twice in ten minutes, fail2ban will block
them for 24 hours.
Just tailing the log, there is a huge slow down in the rate it scrolls by...
Received on Thu Oct 4 17:02:36 2007
This archive was generated by hypermail 2.1.8 : Thu Oct 04 2007 - 17:02:43 CST