On 31 May 2024 15:35:36 UTC, Alessandro Vesely via mailop <mailop@mailop.org> wrote:
> Lots of queries, aren't they? I only use Spamhaus zen and DNSWL for
> whitelisting, for receiving SMTP. My own RBL blocks via iptables. Note: my MSA is separated from MX, but both use the same (caching) DNS server.

I don't think that it is a lot of queries. Of course, it is more than two, but they are done in parallel (more precisely, async) and DNS queries are cheap. These RBLs overlap only in ~50 - 60 %, thus there is more probability that a bad actor will get hit when I combine them.

I abandoned ZEN (only DROP from its codes) for auth, after I hit some false positives. Initially I panicked (not really), as it was my daughter's partner, but then we identified that it was an IP change, and then again, and again...

> At the end of the day I check all login addresses against abuseIPDB, which is
> not an RBL; it has a web interface.

I am aware of it, I had an account there, but then I removed it. But yes, I investigate results too, not on a daily basis, only when I "feel" that it is needed. But as I mentioned, my user base is small and I personally know all of them, no problem to inform them about a problem...

> Nice graphics!

Thanks, Python + matplotlib; the code, if you are interested, is here:

https://git.slavino.sk/ipcartog.git/

but some Slovak strings are hardcoded...

> I don't block based on country, because users sometimes travel.

I have a per-user country list (no user interface either), by default the whole EU + some popular destinations (I don't know how to name them in English off the top of my head), and I usually know when users will travel, no problem yet. Some years ago I was against GeoIP blocking, but then I changed my mind, but only for email AUTH (yet?).

> The opposite for me. They doubled in the last three weeks.

Perhaps they just moved from me to you :-P But I am afraid that they will return...

Currently my web server is being abused, for about 10 days... I am only not sure if I am the target, or if I am being used to abuse others (just SYNs, but not high enough to be a flood)... I noticed it only from TCP retransmission monitoring (increased by ~100 times), it is ~100 IPs daily, most of them from AS20473.

regards

--
Slavko
https://www.slavino.sk/