On Thu, Jun 19, 2014 at 10:04 PM, Birta Levente <blevi.li...@gmail.com> wrote:
> On 19/06/2014 16:57, Giuseppe De Nicolo' wrote:
>
>> Hi,
>>
>> I have a question for you more experienced admins. I have some good abuse on my servers by IPs listed in spam lists; since I am using postscreen to block those, all is good. Anyway, I thought it then a good idea to just drop that traffic and save myself thousands of log lines with "450 4.7.1 service unavailable", and so I added fail2ban to the mix, inserting those IPs into netfilter as reject. Practically, I am sending into iptables all the IPs which attempt consecutive (10 in 600 sec) directory harvesting hits and IPs which attempt consecutive (10 in 120 sec) connections from spammy IPs. The only drawback is obviously that I do not see them in the postfix log, and so I decided to ban them for 3 hours.
>>
>> Anyway, I do wonder if this is a bad practice and as such should be avoided or not?
>>
>> Best Regards
>>
>
> A while ago I implemented the same thing ... but in a massive spam wave (between 1000-2000 / min) I found 5-10 IPs repeating ... so for me it just complicates the setup. I stay happy with postscreen!
>

I sort of do this myself... except I don't use automated stuff like fail2ban. When I see a pattern, I investigate, and if it comes down to a known (or "somewhat known") spammer-hosting or spammer-friendly organization, I go on a bit of a hunt to find all their netblocks... and then block them by their blocks (otherwise you run the risk of slowing down your iptables).

Case in point: "webexxpurts". Spamhaus has a partial listing at http://www.spamhaus.org/sbl/listings/webexxpurts.com; but mine is more complete.

I would *love* to be able to trade (perhaps this might be an idea) IP blocks with serious sysadmins who have done the same sort of work that I have.

-jf

--
He who settles on the idea of the intelligent man as a static entity only shows himself to be a fool.
Mensan / Full-Stack Technical Polymath / System Administrator 12 years over the entire web stack: Performance, Sysadmin, Ruby and Frontend
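The following is an added example and not code from any of the posters or from fail2ban or Postfix. It simulates, offline, the rule the original poster describes (10 postscreen rejections from one client within 120 seconds, then a 3-hour ban) over a few constructed postscreen log lines, and then applies the reply's point: collapse the banned addresses to netblocks and load them into one ipset `hash:net` set matched by a single iptables rule, instead of one iptables rule per address. Assumptions, all mine: the syslog year (2014, as in the thread), the exact reject text in the sample lines (postscreen's reply depends on the `postscreen_*_action` settings, so the parser keys only on the client address), the /24 grouping heuristic (the reply's author does this by hand after investigating the netblock owner), the set name `postscreen_ban`, and that the admin wants DROP rather than REJECT. Nothing here executes ipset or iptables; the commands are returned as strings.

```python
"""Simulate a fail2ban-style postscreen jail and collapse the bans to netblocks.

Added example; not the poster's configuration and not fail2ban/Postfix code.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds from the original poster: 10 hits in 120 s, ban for 3 hours.
MAXRETRY = 10
FINDTIME = 120
BANTIME = 3 * 3600

# Matches a postscreen RCPT rejection and captures timestamp and client address.
# The SMTP reply text after the address is deliberately not matched.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/postscreen\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \[(?P<ip>[0-9a-fA-F.:]+)\]:\d+: "
)


def parse_line(line, year=2014):
    """Return (timestamp, ip_address) for a postscreen reject line, else None.

    syslog timestamps carry no year; `year` is an assumption (2014 for this thread).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, ipaddress.ip_address(m["ip"])


def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window count per client, like fail2ban's maxretry/findtime.

    Returns {ip: timestamp of the hit that crossed the threshold}.
    Lines are assumed to be in chronological order per client.
    """
    windows = defaultdict(deque)
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:          # smtpd/cleanup/etc. lines are ignored
            continue
        ts, ip = parsed
        if ip in banned:            # already decided; stop counting
            continue
        w = windows[ip]
        w.append(ts)
        while (ts - w[0]).total_seconds() > findtime:   # drop hits outside the window
            w.popleft()
        if len(w) >= maxretry:
            banned[ip] = ts
    return banned


def collapse_to_netblocks(ips, min_hosts=2):
    """Group bans into /24 (IPv4) or /64 (IPv6); blocks with >= min_hosts banned
    hosts become one prefix, singletons stay as host routes. Heuristic assumption
    standing in for the manual netblock research described in the reply."""
    groups = defaultdict(set)
    for ip in ips:
        plen = 24 if ip.version == 4 else 64
        groups[ipaddress.ip_network(f"{ip}/{plen}", strict=False)].add(ip)
    nets = []
    for net, members in groups.items():
        if len(members) >= min_hosts:
            nets.append(net)
        else:
            nets.extend(ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}") for ip in members)
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def ipset_commands(nets, setname="postscreen_ban", bantime=BANTIME):
    """One hash:net set with per-entry timeouts and a single iptables rule,
    so the rule count stays constant however many blocks are banned."""
    cmds = [f"ipset create {setname} hash:net timeout {bantime} -exist"]
    cmds += [f"ipset add {setname} {net} timeout {bantime} -exist" for net in nets]
    cmds.append(f"iptables -I INPUT -p tcp --dport 25 -m set --match-set {setname} src -j DROP")
    return cmds


def plan_bans(lines):
    banned = find_bans(lines)
    nets = collapse_to_netblocks(banned)
    return banned, nets, ipset_commands(nets)


# --- Constructed sample log (not from anyone's server) --------------------------
def _line(hhmmss, ip):
    return (f"Jun 19 {hhmmss} mx postfix/postscreen[2187]: NOQUEUE: reject: RCPT from "
            f"[{ip}]:40123: 450 4.7.1 Service unavailable; client [{ip}] blocked using "
            f"zen.spamhaus.org; from=<x@example.net>, to=<y@example.org>, proto=ESMTP, helo=<mail>")


def _burst(ip, start_sec, count, step):
    return [_line(f"22:{(start_sec + i * step) // 60:02d}:{(start_sec + i * step) % 60:02d}", ip)
            for i in range(count)]


SAMPLE_LOG = sorted(
    _burst("203.0.113.10", 0, 12, 5)      # 12 hits in 55 s        -> banned
    + _burst("203.0.113.20", 10, 10, 10)  # 10 hits in 90 s        -> banned, same /24
    + _burst("198.51.100.7", 0, 10, 60)   # 10 hits over 9 minutes -> never 10 within 120 s
    + _burst("192.0.2.5", 300, 10, 3)     # 10 hits in 27 s        -> banned, lone host
    + ["Jun 19 22:01:00 mx postfix/smtpd[2200]: connect from unknown[198.51.100.9]"]
)

if __name__ == "__main__":
    banned, nets, cmds = plan_bans(SAMPLE_LOG)
    for ip, ts in sorted(banned.items(), key=lambda kv: str(kv[0])):
        print(f"ban {ip} (threshold reached at {ts:%H:%M:%S})")
    print("\n".join(cmds))
```

Run as-is it bans 203.0.113.10, 203.0.113.20 and 192.0.2.5, leaves 198.51.100.7 alone because its hits never fall ten inside one 120-second window, and emits a single `ipset add` for 203.0.113.0/24 plus one for 192.0.2.5/32. The ipset timeout replaces the poster's 3-hour fail2ban unban, and because the match is one rule against a hash set, the chain does not grow with the number of banned blocks, which is the slowdown the reply warns about.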