> On Thu, Jun 11, 2009 at 01:34:15PM +0100, Simon Jones wrote: > >> Thanks guys, fail2ban looks great - config is being a bitch though but >> i have anvil working now! > > Presumably as an anti-DoS service. It is not an anti-spam feature, > and should not be used that way. The anti-DoS use-case is to prevent > (usually accidental) abuse from one or a small-number of "run-away" > clients that are hammering you with email, volume limits should > be noticeably above your normal peak loads.
fail2ban might be more appropriate. It works very well against dictionary attacks and will stop backscatter spam in it's tracks. After a number of invalid user attempts, it adds a firewall rule to drop packets from the sending address for a predetermined amount of time. Terry
