Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
Recently I have been introduced to Welcome to the Home of OSSEC (which is a great tool) and thought about a different use for it. It already has a decoder/ruleset for Postfix so instead of issuing a iptables block from a command action why not inject the source IP address into a greylisting table ossec already has its own timeout capability which could be used to delete the entry after a pre-determined time.
If you are concerned about a host to use OSSEC, then maybe iptables is a better approach. greylisting is not like the same door-slamming effect of simply dropping traffic from a suspect host.
Thanks for the response. I do not wish to "slam the door" but temporarily stem the inbound traffic from a bot or rooted server. I could just run a greyserver and let that apply the rules to all inbound traffic; though I have been burnt by that before. By using the method I have indicated it would only apply greylisting to specific inbound servers. Perhaps apply a 450 for 5 minutes, but keep a track of the IP, and if they connect again within a certain time period steadily increase the greylisting time.
Bugzilla
Wiki
Source
Greylisting and a new approach ? 
ossec already has its own timeout capability which could be used to delete the entry after a pre-determined time.
Linear Mode
