
#68 Reduce the maxretry if ban volume is high

open
nobody
Improvement (1)
5
2014-08-25
2014-08-02
Cidi Rome
No

It would be good to be able to reduce the maxretry value to a different value if the bans applied for that jail in the latest period of time have been more than a specified value.

Example for jail configuration:

[MAIL-iptables]
enabled = true
filter = courierlogin
action = iptables-multiport[name=MAIL, port="25,143,110,465,587,993,995", protocol=tcp]
         sendmail-whois[name=MAIL, sender=mylocalmail@mydomain.com, dest=mymail@mydomain.com]
logpath = /var/log/maillog
maxretry = 5
findtime = 3900
bantime = 3600
maxretryhighvolume = 1
highvolumelevel = 200
highvolumetime = 3600
highvolumebantime = 21600

Basically, when banning, the system would check whether the number of bans in the latest "highvolumetime" seconds has exceeded "highvolumelevel", and if so use "maxretryhighvolume" and "highvolumebantime" instead of "maxretry" and "bantime" as the limit and ban time.

I think that in today's situation of botnet attacks, this kind of configuration would be very useful.

If there are others that agree this would be interesting, please give your ideas or ask me to explain if you didn't understand.

Best Regards.
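
The escalation proposed in this ticket, sketched as an added example (not fail2ban code and not written by the ticket author). The option names follow the ticket; the class name, the sliding-window bookkeeping and the rule that a ban fires once the failure count reaches the limit are assumptions.

```python
from collections import deque


class AdaptiveJail:
    """Ban decision with the ticket's proposed high-volume escalation."""

    def __init__(self, maxretry=5, findtime=3900, bantime=3600,
                 maxretryhighvolume=1, highvolumelevel=200,
                 highvolumetime=3600, highvolumebantime=21600):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.maxretryhighvolume = maxretryhighvolume
        self.highvolumelevel = highvolumelevel
        self.highvolumetime = highvolumetime
        self.highvolumebantime = highvolumebantime
        self.failures = {}        # ip -> deque of failure timestamps
        self.ban_times = deque()  # timestamps of bans issued by this jail

    def high_volume(self, now):
        """True if more than highvolumelevel bans fell in the last highvolumetime s."""
        while self.ban_times and self.ban_times[0] <= now - self.highvolumetime:
            self.ban_times.popleft()
        return len(self.ban_times) > self.highvolumelevel

    def add_failure(self, ip, now):
        """Record one failed login; return the ban duration in seconds, or None."""
        hits = self.failures.setdefault(ip, deque())
        hits.append(now)
        while hits[0] <= now - self.findtime:   # drop failures older than findtime
            hits.popleft()
        high = self.high_volume(now)
        limit = self.maxretryhighvolume if high else self.maxretry
        if len(hits) < limit:                   # assumption: ban once the limit is reached
            return None
        del self.failures[ip]
        self.ban_times.append(now)
        return self.highvolumebantime if high else self.bantime


if __name__ == "__main__":
    # Constructed traffic: small thresholds so the switch is visible quickly.
    jail = AdaptiveJail(maxretry=3, bantime=3600, highvolumelevel=2,
                        highvolumetime=300, highvolumebantime=21600)
    t = 0
    for host in range(1, 6):
        ip = f"192.0.2.{host}"
        while (ban := jail.add_failure(ip, t)) is None:
            t += 1
        print(ip, "banned for", ban, "s at t =", t)
```

With maxretryhighvolume = 1, a legitimate user who mistypes a password once during a high-volume period is banned for highvolumebantime, so an ignore list for known client addresses matters more under this scheme.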

Discussion

