As posted in another thread, I have been fooling around with Fail2Ban. I had some problems getting it running and will post about that in a new thread when thoroughly tested.
However, whilst reading page after page about Fail2Ban it would seem possible to use it as an anti-spam tool.
For those unfamiliar with Fail2Ban: Fail2Ban works by watching any log you specify, and using a regex Fail2Ban can update iptables and/or hosts.deny. Once certain criteria are met, the IP number is banned for a preset period.
So, Fail2Ban was told to watch maillog for "recipient unknown" more than, say, 3 times in one minute all from the same IP and then ban that IP for say, 10 minutes.
Looking through my logs I have seen numerous occasions daily where this could save resources.
I guess that the sending server would be "refused connection" and would have to try again later. Could that work similarly to greylisting?
Could this be a good/bad idea?
Am I going nuts? :-)
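
The rule described in the post (more than 3 "recipient unknown" rejections from one IP inside a minute, then a 10-minute ban), written as standalone Python so the window and ban-expiry behaviour can be checked against a log. This is an added example, not part of the original post and not Fail2Ban's own code; the log line format, hostnames and addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_HITS = 3                        # ban once an IP has MORE than this many hits...
FIND_TIME = timedelta(minutes=1)    # ...inside this sliding window
BAN_TIME = timedelta(minutes=10)    # how long the ban lasts

# Assumed line shape: "<ISO time> <host> <daemon>: reject from [<ip>]: recipient unknown"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*recipient unknown",
    re.I)

def scan(lines):
    """Return (ip, ban_start, ban_end) tuples in the order bans would fire."""
    hits = defaultdict(deque)   # ip -> timestamps of recent matching lines
    banned_until = {}           # ip -> end of its current ban
    bans = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        # A banned host is refused before the MTA sees it, so skip its lines.
        if ip in banned_until and ts < banned_until[ip]:
            continue
        window = hits[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:   # drop hits older than the window
            window.popleft()
        if len(window) > MAX_HITS:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            window.clear()                  # start counting afresh after the ban
    return bans

# Constructed sample log: documentation-range addresses, invented host and PIDs.
SAMPLE = [
    "2024-01-01T10:00:00 mx1 smtpd[411]: connect from [192.0.2.10]",
    "2024-01-01T10:00:00 mx1 smtpd[411]: reject from [192.0.2.10]: recipient unknown",
    "2024-01-01T10:00:00 mx1 smtpd[412]: reject from [198.51.100.7]: recipient unknown",
    "2024-01-01T10:00:10 mx1 smtpd[411]: reject from [192.0.2.10]: recipient unknown",
    "2024-01-01T10:00:20 mx1 smtpd[411]: reject from [192.0.2.10]: recipient unknown",
    "2024-01-01T10:00:30 mx1 smtpd[411]: reject from [192.0.2.10]: recipient unknown",
    "2024-01-01T10:00:40 mx1 smtpd[412]: reject from [198.51.100.7]: recipient unknown",
    "2024-01-01T10:01:20 mx1 smtpd[412]: reject from [198.51.100.7]: recipient unknown",
    "2024-01-01T10:02:00 mx1 smtpd[412]: reject from [198.51.100.7]: recipient unknown",
    "2024-01-01T10:11:00 mx1 smtpd[413]: reject from [192.0.2.10]: recipient unknown",
]
```

Running `scan(SAMPLE)` bans only 192.0.2.10: the second address also produces four rejections, but spread over two minutes, so it never exceeds the threshold inside one window.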