Hi,
in the last few days some virus has been making dictionary attacks on my domains.
It is always the same:
email comes in at intervals, since we have no catch-all anymore :),
mostly to anyname(_at_)its-h(_dot_)de>... User unknown
They originate mostly for one or two days from the same IP,
of course sometimes in parallel from different hosts with different IPs.
The IPs are not listed in the virBL or SPAMHAUS DNS services and
are from networks all over the world.
The idea is to count these attacks somehow up to a certain threshold and then
bounce the messages from that IP for, let's say, 24 h.
In the virBL FAQ they mention that viruses use their own SMTP engine, and
valid email from the user of the infected PC will
probably come via his email account with a different IP, so he will not
be blocked from sending email to us.
And any virus sent from his PC to a valid email address will also be blocked.
Is there a way with procmail to
discover a repeatedly spam-sending IP,
write it to a kind of blacklist,
and block the IP for, let's say, 24 h at the SMTP level with Sendmail with an
error 5.7.1?
Something like a local virBL DNS text database???
Since I am something of a beginner with *nix / procmail / sendmail and so on,
any suggestion or help to do
something like this will be welcome.
Matthias Haeker
mhaeker(_at_)its-h(_dot_)de
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
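
The counting idea in the post above, sketched as an added example (not part of the original message and not procmail's or sendmail's own code): it pairs each "User unknown" log line with the relay IP logged under the same queue ID, counts rejects per IP over the last 24 h, and emits sendmail access map lines that reject with 5.7.1. The log layout, the threshold of 3, the reject text and the sample lines are assumptions; the `Connect:` tag and `ERROR:D.S.N:text` value are access map syntax and need `FEATURE(access_db)`.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines; the layout is assumed to resemble sendmail syslog output.
SAMPLE_LOG = """\
Mar  8 09:00:00 mx sendmail[90]: q0: <old@example.test>... User unknown
Mar  8 09:00:00 mx sendmail[90]: q0: from=<v@a.invalid>, nrcpts=0, relay=[192.0.2.10]
Mar 10 12:00:01 mx sendmail[101]: q1: <anna@example.test>... User unknown
Mar 10 12:00:01 mx sendmail[101]: q1: from=<v@a.invalid>, nrcpts=0, relay=[192.0.2.10]
Mar 10 12:00:05 mx sendmail[102]: q2: <bob@example.test>... User unknown
Mar 10 12:00:05 mx sendmail[102]: q2: from=<v@a.invalid>, nrcpts=0, relay=[192.0.2.10]
Mar 10 12:00:09 mx sendmail[103]: q3: <carl@example.test>... User unknown
Mar 10 12:00:09 mx sendmail[103]: q3: from=<v@a.invalid>, nrcpts=0, relay=[192.0.2.10]
Mar 10 12:30:00 mx sendmail[104]: q4: <dora@example.test>... User unknown
Mar 10 12:30:00 mx sendmail[104]: q4: from=<w@b.invalid>, nrcpts=0, relay=pc.b.invalid [198.51.100.7]
"""

# Timestamp and queue ID of a rejected recipient.
UNKNOWN = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): <[^>]*>\.\.\. User unknown")
# Queue ID and connecting IP from the from= line of the same transaction.
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:\S+ )?\[([\d.]+)\]")

def offenders(log, now, threshold=3, window=timedelta(hours=24)):
    """Return {ip: count} for relays with >= threshold unknown-user rejects inside window."""
    hits, relay_of = [], {}
    for line in log.splitlines():
        if m := UNKNOWN.match(line):
            # syslog timestamps carry no year; assume the current one
            ts = datetime.strptime(f"{now.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits.append((ts, m.group(2)))
        elif m := RELAY.search(line):
            relay_of[m.group(1)] = m.group(2)
    counts = Counter(relay_of[q] for ts, q in hits
                     if q in relay_of and timedelta(0) <= now - ts <= window)
    return {ip: n for ip, n in counts.items() if n >= threshold}

def access_entries(ips):
    """Format access map lines; regenerating them each run expires an IP after 24 h."""
    return [f"Connect:{ip}\tERROR:5.7.1:550 Too many unknown recipients" for ip in sorted(ips)]

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 13, 0, 0)  # constructed "current time" for the sample
    print("\n".join(access_entries(offenders(SAMPLE_LOG, now))))
```

Run from cron against the real mail log, the output would be merged into the access file and the map rebuilt with `makemap`. Because the list is rebuilt from only the last 24 h of log lines, an IP drops out on its own once it stops hitting unknown addresses.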