On Mon, Feb 17, 2014 at 12:05:53AM +0000, Gavin Westwood wrote:
> I will have a look at greylisting, but I recall from when lug.org.uk
> implemented it that there was significant impact and delay with emails
> coming through and again this will lead to issues with clients calling
> me about emails that they were expecting.
The delay depends on the sending server I believe, and supposedly
varies; I've always found it to be about 15 minutes.
Certainly my experience is that greylisting is incredible - it loses
about 85% of our incoming mail with no errors. For us that is hundreds
of thousands of emails consigned to oblivion every month.
That said, there are some disadvantages - there have been a couple of
occasions when that 15 minute delay has caused problems, it isn't RFC
compliant and I know some people consider greylisting to be evil.
I would not be without it.
> I have Fail2ban installed, but I don't have it checking Exim logs. I've
> not found a config to do that (my regex foo is not strong), but I do
You shouldn't need regex, surely; on systems where I have Exim installed
I just have the following in my /etc/fail2ban/jail.local file:
[exim]
enabled = true
port = smtp,ssmtp
filter = exim
maxretry = 3

[exim-relay]
enabled = true
port = smtp,ssmtp
filter = exim-relay
maxretry = 1
And then restart fail2ban.
One thing I would say about fail2ban is to test that it is working. To
some degree monitoring logs will achieve this, but I have found it to be
fairly important to physically test.
One specific problem, which may be resolved now, is that I found that I
needed the following in the [DEFAULT] section of jail.local (or
jail.conf), without this fail2ban ironically failed to ban.
backend = polling
An idle google came up with the following iptables method for
restricting connections:
> You can limit SMTP sessions as well using IPTABLES.... Add the
> command below to your IPTABLES file /etc/sysconfig/iptables
>
> -A INPUT -i eth0 -p tcp -m tcp --dport 25 -m limit --limit 20/min -j ACCEPT
>
> This will limit users to 20 sessions per min...
No idea of its efficacy, but it seems reasonable.
Chris.
--
Chris Roberts
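Added example, not from Chris or Gavin: a minimal triplet greylister in Python (the scheme Postgrey and the usual Exim ACL recipes implement) run against a few simulated sending MTAs, to show why the delay Chris sees is set by the sender's retry schedule rather than by the greylister, and why senders that never retry simply vanish. The MIN_AGE value, hosts and addresses are assumptions for the demonstration.

```python
# Added example (not part of the thread): triplet greylisting, simulated
# offline. Every delivery attempt is keyed by (client IP, envelope sender,
# envelope recipient); the first sight of a triplet gets a 4xx temp-fail,
# and a retry after MIN_AGE is accepted and the triplet whitelisted.
# MIN_AGE, IPs and addresses below are assumed values, not from the thread.
from dataclasses import dataclass

MIN_AGE = 300  # seconds a triplet must age before a retry is accepted (assumed; Postgrey's default delay)
TEMPFAIL = "450 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


@dataclass
class Entry:
    first_seen: float
    accepted: bool = False


class Greylist:
    def __init__(self, min_age=MIN_AGE):
        self.min_age = min_age
        self.db = {}  # triplet -> Entry

    def check(self, client_ip, sender, rcpt, now):
        """SMTP reply the greylister would give for this attempt at time `now`."""
        key = (client_ip, sender.lower(), rcpt.lower())
        entry = self.db.get(key)
        if entry is None:
            self.db[key] = Entry(first_seen=now)
            return TEMPFAIL
        if not entry.accepted and now - entry.first_seen < self.min_age:
            return TEMPFAIL  # retried too soon: still a 4xx
        entry.accepted = True  # whitelisted from now on
        return ACCEPT


def delivery_delay(gl, client_ip, sender, rcpt, retry_offsets, start=0.0):
    """Simulate a sending MTA: one attempt at `start`, then retries at the given
    offsets (seconds after start). Returns seconds until acceptance, or None if
    the sender gave up without retrying, which is what most spamware does."""
    for offset in [0.0, *retry_offsets]:
        if gl.check(client_ip, sender, rcpt, start + offset) == ACCEPT:
            return offset
    return None


def demo():
    gl = Greylist()
    results = {}
    # A real MTA with a 15-minute retry queue: the delay is 15 minutes, not MIN_AGE.
    results["mta_15min"] = delivery_delay(gl, "192.0.2.10", "a@example.org", "me@example.com", [900, 1800])
    # An MTA that retries quickly: accepted on the first retry at or past MIN_AGE.
    results["mta_fast"] = delivery_delay(gl, "192.0.2.11", "b@example.org", "me@example.com", [60, 300, 600])
    # Fire-and-forget spam cannon: never retries, so the message is lost with no error.
    results["spam_cannon"] = delivery_delay(gl, "203.0.113.9", "x@example.net", "me@example.com", [])
    # A later message on the already-accepted triplet: no delay at all.
    results["repeat"] = delivery_delay(gl, "192.0.2.10", "a@example.org", "me@example.com", [900], start=7200)
    return results


if __name__ == "__main__":
    for name, delay in demo().items():
        label = "lost" if delay is None else f"{delay:.0f}s"
        print(f"{name:12s} {label}")
```

The "mta_15min" case is the 15 minutes Chris describes: the greylister was willing to accept after MIN_AGE, but the sender did not come back until its own queue runner fired. The "spam_cannon" case is the 85% that never arrives, and the "repeat" case is why the delay is only paid once per triplet.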
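Added example, not from the thread: the ban logic of the two jails in Chris's jail.local (exim with maxretry = 3, exim-relay with maxretry = 1), reimplemented in Python and run over a handful of constructed Exim mainlog lines, as a way of checking offline what a jail should ban before trusting it on a live box. The failregexes here are my own simplified ones, not the patterns in fail2ban's filter.d/exim.conf and filter.d/exim-relay.conf, and the findtime and log lines are assumptions.

```python
# Added example (not part of the thread): fail2ban-style counting of Exim
# log hits per source host inside a sliding findtime window. The regexes are
# simplified stand-ins for fail2ban's own exim filters; the log lines are
# constructed in Exim's mainlog format with documentation IPs.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample mainlog (timestamps, hosts and addresses are made up).
SAMPLE_LOG = """\
2014-02-17 00:10:01 login authenticator failed for (x) [192.0.2.10]: 535 Incorrect authentication data (set_id=bob)
2014-02-17 00:10:05 login authenticator failed for (x) [192.0.2.10]: 535 Incorrect authentication data (set_id=bob)
2014-02-17 00:10:09 login authenticator failed for (x) [192.0.2.10]: 535 Incorrect authentication data (set_id=alice)
2014-02-17 00:11:00 H=(mail.example.net) [198.51.100.7] F=<spam@example.org> rejected RCPT <victim@example.com>: relay not permitted
2014-02-17 00:12:00 plain authenticator failed for (y) [203.0.113.5]: 535 Incorrect authentication data (set_id=carol)
2014-02-17 00:40:00 plain authenticator failed for (y) [203.0.113.5]: 535 Incorrect authentication data (set_id=carol)
2014-02-17 00:41:00 plain authenticator failed for (y) [203.0.113.5]: 535 Incorrect authentication data (set_id=carol)
"""

HOST = r"\[(?P<host>[0-9a-fA-F.:]+)\]"

# Mirrors the two jail stanzas: same maxretry values; findtime (600 s) is assumed.
JAILS = {
    "exim": {
        "failregex": re.compile(r"authenticator failed for .*" + HOST),
        "maxretry": 3,
        "findtime": 600,
    },
    "exim-relay": {
        "failregex": re.compile(HOST + r" .*rejected RCPT .*: relay not permitted"),
        "maxretry": 1,
        "findtime": 600,
    },
}


def scan(log_text, jails=JAILS):
    """Return {jail: [(host, ban_time), ...]} for hosts whose hits reach
    maxretry within findtime, in the order the bans would be issued."""
    banned = {name: [] for name in jails}
    windows = {name: defaultdict(deque) for name in jails}
    for line in log_text.splitlines():
        try:
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # not an Exim mainlog line
        for name, jail in jails.items():
            m = jail["failregex"].search(line)
            if not m:
                continue
            host = m.group("host")
            if any(h == host for h, _ in banned[name]):
                continue  # already banned by this jail
            hits = windows[name][host]
            hits.append(ts)
            cutoff = ts - timedelta(seconds=jail["findtime"])
            while hits and hits[0] < cutoff:
                hits.popleft()  # expire hits older than findtime
            if len(hits) >= jail["maxretry"]:
                banned[name].append((host, ts))
    return banned


if __name__ == "__main__":
    for jail, bans in scan(SAMPLE_LOG).items():
        for host, when in bans:
            print(f"[{jail}] ban {host} at {when}")
```

With these lines, 192.0.2.10 is banned by the exim jail on its third failed login within seconds, 198.51.100.7 is banned by exim-relay on a single relay attempt, and 203.0.113.5 is never banned because its three failures are spread over half an hour and only two ever sit inside the 600-second window. Against a real install, the equivalent check is fail2ban-regex run with the mainlog and the filter file, then fail2ban-client status exim after a deliberate failed login, which is the "physically test" step Chris mentions.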