Yes, I know I’ve gotten in a rut of simply updating older content and passing it off as new but the pressure of being creative or witty on a daily basis is getting to me. So bear with me here. The meds will kick in soon and I will be back to normal.
After I released exim_deny_filter.php there was a long discussion over at the DirectAdmin forum with Jeff Lasman about whether or not it was a good idea to be blocking IP addresses in exim. His (well thought out) argument was that exim was not really designed to do this even though it can do it. He argued that it was probably taking up more resources doing it this way than filtering it at the firewall and that firewalls are designed to do IP based filtering so why not let them. (I’ve shortened a 3 day conversation into 2 sentences for you so that I can say I add value with my blog. There…)
He, of course, was right. However, firewalls can’t detect a dictionary scan and block it while exim can. I toyed with the idea of letting exim issue firewall blocks immediately but that meant that I either had to run exim as root (bad mojo) or I had to open up APF so that it could be executed by the mail user. (bad mojo) So I did what I always do, I wandered off to watch CSI. (Vegas BABY, not those other 2 imposters) Sometime in the intervening week, I hit upon the idea of a compromise. (Those that know me know that this is a wholly foreign idea to me.) Let exim detect and initially block the IPs as it detects an attack. Then, at some regular interval, move those IPs over to the firewall. And of course, give some way to remove them after a pre-defined time.
Thus was born, exim_deny_manager. It has all the features of exim_deny_filter.php and can still be used just like it. Now though, it has added capacity and functionality. (and 10% more brighteners!)
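The compromise described above, sketched as an added example in Python (this is not the code of exim_deny_manager, which is PHP and not shown here). The deny-file format, the function names and the TTL handling are assumptions; the point it illustrates is that the root-run job must validate every line the unprivileged mail user wrote before anything reaches the firewall.

```python
import ipaddress
import re

# Constructed sample of the list Exim appends to: "<ip> <unix time first blocked>".
# This file format is an assumption; the page does not show the real one.
SAMPLE_EXIM_DENY = """\
203.0.113.7 3000
198.51.100.23 4000
203.0.113.7 3200
not-an-ip 1000
192.0.2.1;reboot 1000
127.0.0.1 1000
"""

def parse_deny(text):
    """Return {ip: earliest timestamp}; the file is written by the mail user,
    so the root-run job treats every line as untrusted input."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not re.fullmatch(r"[0-9]{1,12}", parts[1]):
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # rejects hostnames and anything carrying shell metacharacters
        if ip.is_loopback or ip.is_unspecified:
            continue  # never let a crafted line firewall the host itself
        ts = int(parts[1])
        entries[str(ip)] = min(ts, entries.get(str(ip), ts))
    return entries

def run_cycle(exim_text, firewall, now, ttl):
    """One scheduled pass: move Exim's blocks to the firewall, expire old ones.
    Returns (new_firewall, added, removed); Exim's list is emptied by the caller."""
    fw = dict(firewall)
    for ip, ts in parse_deny(exim_text).items():
        fw[ip] = min(ts, fw.get(ip, ts))
    expired = {ip for ip, ts in fw.items() if now - ts >= ttl}
    new_fw = {ip: ts for ip, ts in fw.items() if ip not in expired}
    added = sorted(ip for ip in new_fw if ip not in firewall)
    removed = sorted(ip for ip in expired if ip in firewall)
    return new_fw, added, removed
```

The caller applies `added` and `removed` with the firewall's own tooling and passes each address as a separate argument, never through a shell string.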
So dear reader, it is with much fanfare that I release to you, after 3 solid days of use on my own system, Exim_Deny_Manager.php. Full implementation instructions can be found on the project page.
As always, questions, comments and criticisms are always welcome and sometimes even responded to. (Ask Fred, sometimes I do answer emails!)
Until next time, GO Steelers!