Again, an old post, but I may have solved this - mostly for a bunch of Lithuanians and Russians trying to hack into the server.
Rather than a "static" list like the foregoing, each hour, via cron, I parse the past hour's data from the zimbra log, pull out the SASL authentication failures, then parse the IP addresses and add them to an ipset spammers list.
Since I'm the one that primarily uses my server I tend not to get SASL authentication failures - but "anyone else", within an hour, will have their IP dropped.
It's not necessarily a "generalised solution", but, for the moment, it appears to work for me.
Statistics: Posted by chris_shattock — Tue Jan 23, 2024 4:17 pm
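
One way to implement the hourly job described in the post above, as an added example that is not chris_shattock's own script. It assumes Postfix-style SASL failure lines with traditional syslog timestamps in /var/log/zimbra.log, GNU date, and an ipset named `spammers` that a firewall rule already drops; `failed_ips`, the `--apply` switch, the `ALLOW_IP` variable and the sample log lines are constructed for illustration. It goes slightly beyond the post by allowing a minimum failure count per address.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: Postfix-style log lines,
# syslog timestamps ("Jan 23 15:02:11"), ipset "spammers" dropped by a rule.

# failed_ips PREFIX [MIN]: read log lines on stdin and print, sorted, every
# IPv4 address with at least MIN (default 1) SASL authentication failures
# among the lines whose timestamp starts with PREFIX (e.g. "Jan 23 15").
failed_ips() {
    awk -v p="$1" -v min="${2:-1}" '
        index($0, p) == 1 && /SASL [A-Z0-9-]+ authentication failed/ {
            # The smtpd PID is also bracketed, so require a dotted quad.
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/))
                n[substr($0, RSTART + 1, RLENGTH - 2)]++
        }
        END { for (ip in n) if (n[ip] >= min) print ip }
    ' | sort
}

# Constructed sample input (documentation address ranges), for offline runs.
SAMPLE='Jan 23 15:02:11 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 23 15:02:40 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 23 15:10:03 mail postfix/smtpd[2177]: warning: host.example[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
Jan 23 15:12:00 mail postfix/smtpd[2180]: connect from unknown[192.0.2.55]
Jan 23 14:59:59 mail postfix/smtpd[2050]: warning: unknown[192.0.2.99]: SASL LOGIN authentication failed: authentication failure'

# Run from cron at the top of each hour as: script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    # Timestamp prefix of the hour that has just ended.
    hour=$(LC_ALL=C date -d '1 hour ago' '+%b %e %H')
    ipset create spammers hash:ip -exist
    failed_ips "$hour" < /var/log/zimbra.log | while read -r ip; do
        # ALLOW_IP (hypothetical): one address that must never be blocked.
        [ "$ip" = "${ALLOW_IP:-}" ] || ipset add spammers "$ip" -exist
    done
fi
```

Without `--apply` the script changes nothing; `printf '%s\n' "$SAMPLE" | failed_ips 'Jan 23 15'` shows what would be blocked for the constructed lines.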