Patrick Shanahan wrote:
a little quote trimming would be nice :^)
from my logs:
/var/log/mail: Jul 30 14:13:06 wahoo postfix/smtpd[488]: connect from edu194.internetdsl.tpnet.pl[83.14.202.194] Jul 30 14:13:18 wahoo postfix/smtpd[488]: NOQUEUE: reject: RCPT from edu194.internetdsl.tpnet.pl[83.14.202.194]: 554 5.7.1 Service unavailable; Client host [83.14.202.194] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.14.202.194; from=
/var/log/fail2ban: 2007-07-30 14:13:40,725 fail2ban.actions: WARNING [postfix-iptables] Ban 83.14.202.194
Interesting - but with RBLs you sometimes have innocent senders tarred with the same brush as the spammers, so if it's problematic to ban based on the RBLs. Count on it, some law office in Brazil will send an urgent and business critical message, and be banned due to an unfortunate choice of ISP. Managers will be angry. In a number of environments we've removed RBLs as a front line sanity check because, like SPF, they sometimes block important and legitimate messages. In other words, we're decided to use SPF and RBLs as factors in spamassassin scoring, rather than a binary decision at the perimeter. The other sanity checks are already enough to block more than half the attempted messages from even getting to the spamassassin servers. For home use fail2ban is probably fine though - aunt myrtle won't complain if her message is delayed. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org