Has anybody experience in blocking spammer (UBE) IPs from maillog?

Hi,

I'm using spamdyke for greylisting, RBL and PTR record checks and a thousand other things ;).
I noticed that although spammers get refused when sending mail, they keep trying. Now I thought of altering blockhosts rules to scan maillog frequently. Does anybody have experience with this regarding server balance and load?

Here goes an example snippet of spamdyke (fyi):
Feb 18 16:26:48 mail spamdyke[30323]: DENIED_RBL_MATCH from: boris@web-vision.de to: boris@web-vision.de origin_ip: 91.0.163.114 origin_rdns: p5b00a372.dip0.t-ipconnect.de auth: (unknown)

Regards,

Boris

server load?

Are you referring to load on the server with blockhosts.py running? That should be minimal - you can always run blockhosts in cron mode, so kick it off only every minute or hour as needed, depending on the actual load, and/or frequency of attacks on spamdyke.

It should be easy to write a pattern to locate the IP (following origin_ip: in your log line above). This assumes that the log line above is displaying the correct originating IP and is generally immune to spoofing. Otherwise it may block valid IP addresses :-)

But - not knowing much about spamdyke, it may be best to do nothing - since spamdyke is presumably built to stop spam, it may not need any external helpers!
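
The pattern suggested in the reply above, as an added example that is not part of the thread and is not blockhosts' own code or configuration: it pulls origin_ip out of spamdyke DENIED_ lines, validates it and counts denials per address. The function name `offenders`, the threshold, the allowlist, the skipping of greylisting denials and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Anchored on the full layout of the spamdyke line quoted in the post, so text
# inside the sender-supplied from:/to: fields cannot be mistaken for origin_ip.
DENIED = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ spamdyke\[\d+\]: (DENIED_\w+) "
    r"from: \S* to: \S* origin_ip: (\S+) origin_rdns: "
)

# Constructed sample lines (documentation addresses), modelled on that line.
SAMPLE_LOG = [
    "Feb 18 16:26:48 mail spamdyke[30323]: DENIED_RBL_MATCH from: a@example.org to: b@example.org origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)",
    "Feb 18 16:27:02 mail spamdyke[30331]: DENIED_RBL_MATCH from: a@example.org to: b@example.org origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)",
    "Feb 18 16:27:40 mail spamdyke[30340]: DENIED_RBL_MATCH from: a@example.org to: c@example.org origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)",
    "Feb 18 16:28:01 mail spamdyke[30352]: DENIED_RBL_MATCH from: d@example.org to: b@example.org origin_ip: 198.51.100.7 origin_rdns: h7.example.net auth: (unknown)",
    "Feb 18 16:28:10 mail spamdyke[30360]: DENIED_GRAYLISTED from: e@example.org to: b@example.org origin_ip: 203.0.113.5 origin_rdns: mx.example.com auth: (unknown)",
    "Feb 18 16:29:10 mail spamdyke[30361]: DENIED_GRAYLISTED from: e@example.org to: b@example.org origin_ip: 203.0.113.5 origin_rdns: mx.example.com auth: (unknown)",
    "Feb 18 16:30:10 mail spamdyke[30362]: DENIED_GRAYLISTED from: e@example.org to: b@example.org origin_ip: 203.0.113.5 origin_rdns: mx.example.com auth: (unknown)",
    "Feb 18 16:31:00 mail spamdyke[30370]: DENIED_RBL_MATCH from: f@example.org to: b@example.org origin_ip: not-an-ip origin_rdns: (unknown) auth: (unknown)",
]


def offenders(lines, threshold=3, allowlist=(), ignore_reasons=("DENIED_GRAYLISTED",)):
    """Return {ip: count} for IPs with at least `threshold` counted denials."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    counts = Counter()
    for line in lines:
        m = DENIED.match(line)
        # Greylisting denials are skipped by default: legitimate servers
        # are expected to retry after them.
        if not m or m.group(1) in ignore_reasons:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not a literal IP address: never pass it to a block rule
        if any(ip in net for net in allowed):
            continue
        counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

Run from cron as the reply suggests, the returned addresses are candidates for a block list; the allowlist is where known relays and your own networks go so they are never counted.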