On Fri, 30 Nov 2012, Robert Schetterer wrote:
On 30.11.2012 12:07, Tomas Macek wrote:
Fail2ban looks good, I will try it. But I'm worrying about too many
filter rules in fail2ban chain, that could lead to slowing down the
whole machine. The force attacks are often really brute and the IPs of
the clients change often also. But this could be a good way...
fail2ban is not very heavyweight with ipset
however most brute force are running against pop3 and imap these days
not submission
what i had was, fail2ban log parsing was too slow with millions of bot
cons on port 25
Yes, I'm also worrying now about the performance of fail2ban on 200 MB of
maillog on our machine. But I will try it, maybe this will be enough for
us.
so i wrote a mail syslog parser script
This is a really interesting solution (!), hope I will also be able to
connect to the syslog's pipe and read the messages. But I don't know how
right now, I still was not studying this, but I believe that this would
have much bigger performance! Thanks for the idea!
Tomas
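
The streaming approach discussed in this thread (reading mail log lines as they arrive from a syslog pipe instead of re-parsing a large maillog), sketched as an added example; it is not the script mentioned above. It assumes the syslog daemon is configured to pipe mail lines to the script's standard input; the log patterns, the `FailureTracker` name and the thresholds are assumptions to adapt.

```python
import re
import sys
import time
from collections import defaultdict, deque

# Auth-failure patterns (assumed wording; check them against your own maillog).
FAIL_PATTERNS = [
    re.compile(r"postfix/[\w/]+\[\d+\]: warning: \S*\[(?P<ip>[\da-fA-F.:]+)\]: SASL \S+ authentication failed"),
    re.compile(r"dovecot: (?:pop3|imap)-login: .*auth failed.*\brip=(?P<ip>[\da-fA-F.:]+)"),
]
# Constructed sample lines (documentation addresses), for trying the parser.
SAMPLE = [
    "Nov 30 12:07:01 mx postfix/smtpd[2211]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure",
    "Nov 30 12:07:02 mx dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.1",
]

def extract_ip(line):
    """Return the client IP if the line is an auth failure, else None."""
    for pat in FAIL_PATTERNS:
        if m := pat.search(line):
            return m.group("ip")
    return None

class FailureTracker:
    """Sliding-window counter: flag an IP after max_failures within window seconds."""
    def __init__(self, max_failures=5, window=600.0):
        self.max_failures, self.window = max_failures, window
        self.hits = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = set()              # IPs already reported once
    def feed(self, line, now):
        """Process one log line; return the IP to ban, or None."""
        ip = extract_ip(line)
        if ip is None or ip in self.banned:
            return None
        q = self.hits[ip]
        q.append(now)
        while now - q[0] > self.window:  # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.banned.add(ip)
            del self.hits[ip]
            return ip
        return None

if __name__ == "__main__":
    tracker = FailureTracker()
    for line in sys.stdin:               # one line at a time, no log rescans
        if ip := tracker.feed(line, time.monotonic()):
            print(ip, flush=True)        # hand off to your blocker (e.g. an ipset)
```

The Dovecot pattern is greedy on purpose, so it captures the last `rip=` on the line rather than one embedded in the client-supplied `user=` field. Per-IP state for addresses that never reach the threshold is kept until the process restarts, so a long-running deployment should prune idle entries.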