Am 02.03.2015 um 11:02 schrieb Jochen Bern:
On 03/01/2015 08:53 AM, Jim Pazarena wrote:I wonder if there is an easy way to provide dovecot a flat text file of ipv4 #'s which should be ignored or dropped? I have accumulated 45,000+ IPs which routinely try dictionary and 12345678 password attempts. The file is too big to create firewall drops [...]The inherent assumption here is that dovecot, using a "flat file", will be able to process the block list more effectively than the firewall, which is a tool written for the *purpose* but supposedly unable to even *try* due to the list's size. That sounds ... counterintuitive
* it's unmaintainable on firewall level * it's waste of ressources because it is *packet based* * hence a RBL would make so much more sensefor rbldnsd it don't matter if 100, 1000, 10000, 10000000 addresses or even cidr-ranges are listed because the check is always *one* cheap dns request for the IP conencting at the moment
signature.asc
Description: OpenPGP digital signature
