The Exim/FTP Brute force Blacklist is a list of potentially malicious connection attempts to email and FTP accounts. We track all failed email and FTP connection attempts on our servers. When an IP address has exceeded 65 failed attempts to log in over a 1 hour period across any of our servers, the IP address is blocked for a minimum of 24 hours.
When an IP is blocked, exim will return the following message:
012.3126.96.36.199 is in an RBL on kb.yourdomain.com, see Blocked – Too many failed logins
FTP will return the following message for a blocked IP:
Blocked ip: 012.3188.8.131.52