• Slavko via Exim-users [2022-06-24 06:08]:
[...]
> That is pretty simple, just add this IP to firewall's DROP. To automatize
> its banning, use fail2ban. But be aware, that they will often try from
> other IP soon. I have 100 - 800 different IPs per day, most of them
> has only one attempt allowed
Dňa 24. júna 2022 9:14:41 UTC používateľ Kirill Miazine via Exim-users
napísal:
>I've found AuthBL from Spamhaus and Abusix to be very useful.
AFAIK Spamhaus's AuthBL is about hosts, which uses stolen credentials
(to send SPAM), not those attacking AUTH. While i use it in rsdpamd and MX,
only
Best way here is to add your users primary country to the auth_advertise_hosts
list. Could be quite a IP list, but you can store it in a file if you want, by
using a lookup condition.
Then if they travel to a non-approved country, they have to be without mail or
be approved by you as administrat
>> i have the rdns, the TXT RRs, ... but,
>
> I deleted old messages already, but at that time your IPv6 has not
> PTR...
>> i have the rdns, the TXT RRs, ... but,
>>
> Please, do not send reply direct to me, one message via ML is
> enough...
the world needs to mo
