* Sloan [07-30-07 14:58]:
> I'm curious about the mechanism by which fail2ban determines what is
> legitimate high volume mail, and what is spam... Unfortunately
> messages can bounce due to various causes on the receiving end,
> including users who have moved on but haven't let all their contacts
> know their new email address, or even hardware problems, network
> outages or configuration blunders.
a little quote trimming would be nice :^)
from my logs:
/var/log/mail:
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from= to= proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from= to= proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:27 wahoo postfix/smtpd[499]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: lost connection after DATA from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:38 wahoo postfix/smtpd[488]: disconnect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from= to= proto=ESMTP helo=<[83.14.202.194]>
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from= to= proto=ESMTP helo=<[83.14.202.194]>
/var/log/fail2ban:
2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban 83.14.202.194
2007-07-30 14:28:40,930 fail2ban.actions: WARNING [postfix-iptables] Unban 83.14.202.194
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
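
Added example, not part of the original message and not fail2ban's own code: a small replay of the log excerpt above through a fail2ban-style counter, showing that only lines matching the jail's filter count toward a ban and that the ban lifts after the ban time. The regex, `MAXRETRY` and `FINDTIME` are assumptions (the poster's jail settings are not shown); `BANTIME` is read off the Ban/Unban timestamps, and the bounce line in the sample is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed jail settings; only BANTIME is visible in the log (Ban 14:13:40, Unban 14:28:40).
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=900)

# Assumed failregex, modelled on the smtpd reject lines quoted in the message.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]: 554 "
)

# Constructed sample: shortened lines from the message, plus one made-up outbound bounce.
SAMPLE = """\
Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194]
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:20 wahoo postfix/smtp[501]: 1A2B3C4D5E: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, status=bounced (550 user unknown)
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
Jul 30 14:13:40 wahoo postfix/smtpd[499]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable
"""

def simulate(lines, year=2007):
    """Return [(ip, ban_time, unban_time)] for lines replayed in log order."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue  # connects, disconnects and outbound bounces never count
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["host"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned, nothing more to count
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than the find window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, banned, unbanned in simulate(SAMPLE.splitlines()):
        print(f"Ban {ip} at {banned}, Unban at {unbanned}")
```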