* Sloan <joe@tmsusa.com> [07-30-07 14:58]:
I'm curious about the mechanism by which fail2ban determines what is legitimate high volume mail, and what is spam... Unfortunately messages can bounce due to various causes on the receiving end, including users who have moved on but haven't let all their contacts know their new email address, or even hardware problems, network outages or configuration blunders.
a little quote trimming would be nice :^)

from my logs:

/var/log/mail:
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbamboedyj@bamboe.nl> to=<paka@wahoo.no-ip.org> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbamboedyj@bamboe.nl> to=<pat@wahoo.no-ip.org> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:27 wahoo postfix/smtpd[499]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: lost connection after DATA from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: disconnect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbangnaidyj@bangnai.com> to=<paka@wahoo.no-ip.org> proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=<sigbangnaidyj@bangnai.com> to=<pat@wahoo.no-ip.org> proto=ESMTP helo=<[83.14.202.194]>

/var/log/fail2ban:
2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban 83.14.202.194
2007-07-30 14:28:40,930 fail2ban.actions: WARNING [postfix-iptables] Unban 83.14.202.194

-- 
Patrick Shanahan         Plainfield, Indiana, USA        HOG # US1244711
http://wahoo.no-ip.org     Photo Album:  http://wahoo.no-ip.org/gallery2
Registered Linux User #207535                    @ http://counter.li.org
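
The counting behaviour visible in the logs above, as an added Python example that is not part of the original message and is not fail2ban's own code: it counts inbound `NOQUEUE: reject` lines per client IP inside a time window and bans once a threshold is reached. The regex, MAXRETRY, FINDTIME and the 192.0.2.10 line are assumptions constructed for illustration; BANTIME of 900 s matches the 15-minute gap between the Ban and Unban entries above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical filter regex (not fail2ban's shipped one): timestamp + rejecting client IP.
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
                     r"NOQUEUE: reject: RCPT from \S+\[([\d.]+)\]: 5\d\d ")
MAXRETRY = 3                          # assumed threshold
FINDTIME = timedelta(seconds=600)     # assumed counting window
BANTIME = timedelta(seconds=900)      # 14:13:40 ban -> 14:28:40 unban in the log above

# Constructed sample: abbreviated lines from the message plus one invented
# single "user unknown" rejection from a documentation address.
_H = "edu194.internetdsl.tpnet.pl[83.14.202.194]"
_R = ": 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net"
SAMPLE_LOG = "\n".join([
    f"Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from {_H}",
    f"Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from {_H}{_R}",
    f"Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from {_H}{_R}",
    "Jul 30 14:13:30 wahoo postfix/smtpd[501]: NOQUEUE: reject: RCPT from "
    "mail.example.org[192.0.2.10]: 550 5.1.1 <gone@wahoo.no-ip.org>: User unknown",
    f"Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from {_H}{_R}",
    f"Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from {_H}{_R}",
])

def scan(log_text, year=2007):
    """Return (action, ip, time) events; syslog lines carry no year, so one is supplied."""
    recent = defaultdict(deque)       # ip -> timestamps of failures inside FINDTIME
    banned = {}                       # ip -> time the ban expires
    events = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                  # connects, disconnects, deliveries do not count
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned and ts < banned[ip]:
            continue                  # already blocked; nothing more to count
        banned.pop(ip, None)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:   # drop failures older than the window
            q.popleft()
        if len(q) >= MAXRETRY:
            banned[ip] = ts + BANTIME
            events += [("Ban", ip, ts), ("Unban", ip, ts + BANTIME)]
            q.clear()
    return events
```

Only rejections the local smtpd issues to a connecting client are counted, so a host with a single rejected recipient stays below the threshold while the blacklisted client is banned at 14:13:40.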