Hi,

On Mon, Feb 14, 2011 at 10:49:49AM +1300, Jim Cheetham wrote:
> On 14/02/11 06:59, Moritz Wilhelmy wrote:
> > Just a stupid idea, but you could make exim append tcp_wrappers rules to
> > /etc/hosts.deny or wherever it's located after a failed relay attempt? (in
> > case you use tcp_wrappers, that is)
>
> Not a good idea to change Exim like that.

Actually, I believe it doesn't require to "change" the exim code for that. You just need to append to a file, which I believe, exim already supports. Exim already knows where the relay attempt came from, and tcp_wrappers supports include-directives (according to hosts_access(5), it can include files), so including a /var/run/exim/hosts.deny from within the global config would be possible as well, if you don't want to give exim write permissions on the global tcp_wrapper configuration file(s).
Any objections?

> There are plenty of third-party apps like Fail2Ban and Denyhosts that
> can be configured to read through your logfiles looking for attackers,
> and then do any tcpwrappers/firewall configuration that you like.

Denyhost only supports failed SSH logins, I think. Can't tell anything about fail2ban, but why run another daemon if exim is sufficient? Especially denyhosts (which I run) is very resource hungry in my experience.

Best regards,
Moritz

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
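An added example, not part of the original post and not Exim code: a sketch of the append step for the separate pattern file discussed above. It validates the address, so that text taken from a connection can never become an arbitrary tcp_wrappers pattern, and it refuses to deny protected networks. The function name, the NEVER_BLOCK list, the IPv4-only restriction and the daemon name in the global rule are assumptions; how Exim would invoke it is left out.

```python
import fcntl
import ipaddress
import os

# Assumed global rule in /etc/hosts.deny (hosts_access(5) treats a client
# pattern starting with "/" as a file of whitespace-separated patterns):
#
#   exim : /var/run/exim/hosts.deny
#
# The daemon name "exim" is an assumption about the local build.

# Networks that must never be denied (constructed sample values).
NEVER_BLOCK = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def add_denied_host(path, raw_addr, never_block=NEVER_BLOCK):
    """Append one IPv4 address to the pattern file; return True if written."""
    try:
        # Accept only a plain dotted-quad literal. Embedded newlines,
        # wildcards, netmasks or keywords such as ALL raise ValueError.
        addr = ipaddress.IPv4Address(raw_addr.strip())
    except ValueError:
        return False
    if any(addr in net for net in never_block):
        return False  # never lock out loopback or internal ranges

    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_APPEND, 0o644)
    with os.fdopen(fd, "a+") as fh:
        # Serialise concurrent writers; the lock is released on close.
        fcntl.flock(fh, fcntl.LOCK_EX)
        fh.seek(0)
        if str(addr) in set(fh.read().split()):
            return False  # already listed, keep the file from growing
        # Write the normalised form, never the raw input string.
        fh.write(f"{addr}\n")
        fh.flush()
    return True
```

Entries are never expired here, so a deployment would also need a step that prunes or rotates the file.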
