Re: Blacklist and address based on "User unknown"

From: Crayon (crayon.shin.chan.ukgmail.com)
Date: Tue Jan 02 2007 - 15:39:38 CST


On Wednesday 03 January 2007 05:26, Noel Jones wrote:

> You can implement this with a logwatcher script,

I know, but I take it there's no Postfix mechanism I can leverage?

> but IMHO a single
> mail to an unknown user is a poor indicator of a malicious host.

Based on the mail logs I can quite confidently state that false positives
will be less than 1 in 1000. In any case they would only be blacklisted
temporarily, but for increasing lengths of time for persistent offenders,
and there would be a limit to the maximum time, to avoid DoS.

> If you arrange for your script to block after N unknown users and 0
> valid users, that might be more reasonable.

I would probably arrange it so that they would be removed from the
blacklist after 1 valid user. Anyway, specific details would be fine-tuned
once it's operational :)

--
Crayon
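The logwatcher logic the thread sketches (block a client after N "User unknown" rejections, lengthen each temporary block with a cap, clear the host after one valid recipient), written out as an added Python example that is not from the thread or from Postfix. The two log line shapes it matches, the use of a queue ID assigned to a client as the "valid user" signal, and the threshold and timings are all assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Postfix smtpd log shapes this keys on (format assumptions, not text from the thread): a 550
# "User unknown" rejection, and a queue ID assigned to a client, taken as "one valid user".
UNKNOWN_RE = re.compile(r"reject: RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 .*User unknown")
ACCEPT_RE = re.compile(r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S+\[(?P<ip>[\d.]+)\]")

@dataclass
class HostState:
    unknown: int = 0            # unknown-user rejections since the last block or clear
    offences: int = 0           # blocks this host has earned so far
    blocked_until: float = 0.0  # epoch seconds; 0 means not blocked

class UnknownUserBlocker:
    """Count 'User unknown' rejections per client IP; issue escalating, capped temporary blocks."""
    def __init__(self, threshold: int = 3, base_block: float = 600, max_block: float = 86400):
        self.threshold, self.base_block, self.max_block = threshold, base_block, max_block
        self.hosts: dict[str, HostState] = {}

    def observe(self, line: str, now: float) -> str | None:
        """Feed one log line seen at time `now`; return the IP if this line starts a new block."""
        if m := ACCEPT_RE.search(line):
            self.hosts.pop(m["ip"], None)  # one accepted recipient clears the host entirely
            return None
        if m := UNKNOWN_RE.search(line):
            st = self.hosts.setdefault(m["ip"], HostState())
            st.unknown += 1
            if st.unknown >= self.threshold and now >= st.blocked_until:
                st.offences += 1
                # Block length doubles per offence but is capped, so a host is never locked out for good.
                duration = min(self.base_block * 2 ** (st.offences - 1), self.max_block)
                st.blocked_until = now + duration
                st.unknown = 0
                return m["ip"]
        return None

    def is_blocked(self, ip: str, now: float) -> bool:
        return (st := self.hosts.get(ip)) is not None and now < st.blocked_until

def reject_line(ip: str) -> str:  # constructed sample, shaped like a Postfix 550 rejection
    return (f"Jan  2 15:39:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[{ip}]: 550 "
            "5.1.1 <nobody@example.net>: Recipient address rejected: User unknown in local recipient table")
def accept_line(ip: str) -> str:  # constructed sample: a queue ID handed to a client, i.e. RCPT accepted
    return f"Jan  2 15:40:12 mx postfix/smtpd[2101]: 3A1B2C3D4E: client=mail.example.org[{ip}]"
def run_sample() -> list[str]:  # 198.51.100.7 trips the threshold; 192.0.2.10 is cleared by a valid user
    b = UnknownUserBlocker(threshold=3)
    events = [(reject_line("192.0.2.10"), t) for t in (0, 1)] + [(accept_line("192.0.2.10"), 2),
              (reject_line("192.0.2.10"), 3)] + [(reject_line("198.51.100.7"), t) for t in (4, 5, 6)]
    return [ip for line, t in events if (ip := b.observe(line, t))]
```

Feeding `observe()` from a `tail -F` of the mail log and pushing the returned IPs into a firewall set or a Postfix access map is left to the deployment; the state object alone decides when a block starts and when it lapses.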