On 2013-06-30 LuKreme wrote:
> When reject_unknown_client_hostname triggers on an NXDOMAIN it returns
> a 550 error, which is great. When it triggers because there is no PTR
> record, it returns a 450 error, which is also great… except.
> 
> What I see is servers that connect hundreds of times, getting 450
> errors and ignoring them and trying to send their spam again and again
> and again.
> 
> I have some IPs that have tried to connect hundreds of times to send a
> message that is always going to generate a 450 error since the host
> does not have a PTR record and never will. I have over 10,000 of these
> failures on an average day.
> 
> Does anyone have any suggestions? I am thinking about writing a
> fail2ban action for them that triggers after 5 or 10 attempts with a
> long ban, but I am not sure that's a good idea.
> 
> Or should I just stop worrying and figure the amount of resources
> being used is insignificant?

I'd say fail2ban is the way to go about this. If you want to be on the
safe side, make the threshold somewhat higher and extend the lockout
period.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

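As an added illustration (not part of the thread, and not fail2ban's or Postfix's own code), here is the detection logic such a jail would run, applied to constructed Postfix smtpd log lines: only the temporary 450 "cannot find your hostname" rejections are counted, per client IP, against a threshold within a time window. The log format, the 4.7.1 enhanced status code and the addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the smtpd rejection that reject_unknown_client_hostname logs when the client
# has no PTR record (temporary 450). The 550 NXDOMAIN variant is deliberately excluded.
UNKNOWN_CLIENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from unknown\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"450 4\.7\.\d+ Client host rejected: cannot find your hostname"
)

def parse_ts(text, year=2013):
    # syslog timestamps carry no year; assume one (the thread is from 2013)
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def offenders(log_lines, maxretry=10, findtime_hours=1):
    """IPs that hit the 450 'cannot find your hostname' rejection at least
    `maxretry` times within any `findtime_hours` window, i.e. what a fail2ban
    jail with the same maxretry/findtime settings would ban."""
    findtime = timedelta(hours=findtime_hours)
    hits = defaultdict(list)
    for line in log_lines:
        m = UNKNOWN_CLIENT_RE.match(line)
        if m:
            hits[m.group("ip")].append(parse_ts(m.group("ts")))
    banned = set()
    for ip, times in hits.items():
        times.sort()
        # sliding window over consecutive hits: any maxretry of them inside findtime
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                banned.add(ip)
                break
    return banned

def _line(ts, ip, code="450 4.7.1"):
    # constructed Postfix 2.x-style log line; addresses are from documentation ranges
    return (f"{ts} mail postfix/smtpd[2345]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {code} Client host rejected: cannot find your "
            f"hostname, [{ip}]; from=<x@example.com> to=<u@example.org> "
            f"proto=ESMTP helo=<bogus>")

# constructed sample log: a bot retrying every 2 minutes, a host with 3 hits hours
# apart, one NXDOMAIN 550 rejection, and one unrelated connect line
SAMPLE_LOG = (
    [_line(f"Jun 30 10:{m:02d}:15", "192.0.2.10") for m in range(0, 24, 2)]
    + [_line(f"Jun 30 1{h}:05:00", "198.51.100.7") for h in (0, 3, 6)]
    + [_line("Jun 30 10:07:00", "203.0.113.5", "550 5.7.1")]
    + ["Jun 30 10:08:00 mail postfix/smtpd[2345]: connect from mx.example.net[203.0.113.9]"]
)
```

In a real fail2ban filter the same pattern becomes a `failregex` with `<HOST>` in place of the IP group, and the "higher threshold, longer lockout" advice above maps to the jail's `maxretry`, `findtime` and `bantime` settings.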