Re: [Fail2ban-users] getting the list of banned elements for selected jail (greylisting)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I thought greylisting was pretty much useless now as spammers have 
> mechanisms to retry.

Greylisting is still useful since retrying is a cost to spammers: they
can't afford to spend much of their time and bandwidth retrying. Same
reason why they don't send spams bigger than typical SAmaxbody.

The main problem with "across the board" greylisting is that
greylisting for legitimate MTAs introduces delays for clean mail,
which nowadays is less and less tolerable. Hence selective greylisting
is useful.

>> What's worse is that if unban action fails to unban IP for
>> whatever reason, it stays there.
> 
> Why would you think this doesn't work?

Because things fail. Happy path is not always there. Even occasional
unban failure here means that some host gets temp errors forever.
That's unacceptable.

>> The neatest solution would be to get all the items that are
>> within "bantime" and simply dump them into a file that could be
>> used by exim.
> 
> Does exim re-read the file every time it needs to check a value?

Yes, at least for "lsearch" setting (linear search of file contents)
which is used frequently. I know this is primitive but for a small
number of records (say whitelisted senders, local domains, etc) it's
efficient.

> Look at the action dummy.conf for how banned ips can be added to a
> file.

Thanks!

# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time

timestamp will do the trick.

> You can't get all IPs at once.

That's a downer. fail2ban is missing quite a number of applications
due to this I think.

Where do I talk to the developers? Here?

Regards,
Marcin Krol

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJR7hszAAoJEFMgHzhQQ7hOr3kH/AqKXlaEsbVtihV8zZAhkGS3
9R1Ja7q7vE7a2wkJhgzGje/n1qiZIBrOpMrcBV25Ve53ByAX0O7lfoRHcfQPhsU0
5FfBFIsY+QJ3yJqXqIOwkHMTug1iUYlSAezkxCgK9JSSp41Yq3kGXvRdld3NsK6A
cd6MAO3AF3m3xYxla7lHg+sxXCMT1lhc5UC330nL/jP31hLoNnC308d8gd4ihxxN
XKX+wcPgeXYiDnaG/21S8IGLSQf5zUFnnUjlCvGnWgzeqiUcek/JpFEYQIdMrgDJ
JL3XBv/YLFpK1vFCRJ4Py57rdH5sZ4bWbJgCMTpTG8b4cVB6EUmrswd0cINHt0I=
=9MZ7
-----END PGP SIGNATURE-----