I guess my mentality is a large IPTables is still less of a load than letting them establish a connection and attempt to authenticate, but I'm certainly open to better ideas.
Rhys (R-ee-s) Ferris Internet Mail Team | SMAS Support Team U.S. Senate Sent from my mobile device On Jun 20, 2024 8:38 PM, Jeff Pang via mailop <mailop@mailop.org> wrote: And in an hour it gets double IPs blocked. $ sudo iptables -L -n|grep DROP|wc -l 2805 any idea? Thanks > today I clear up iptables rules, and run fail2ban again. > in half of an hour, it blocked 1400+ IPs. > > $ sudo iptables -L -n|grep DROP|wc -l > 1407 > > > it seems the black ips are coming endlessly. > most of the bad actions are like this one: > > postfix/smtps/smtpd[451948]: warning: unknown[211.184.190.87]: SASL > LOGIN authentication failed: UGFzc3dvcmQ6 > > I am afraid too many iptables will slow down the performance of systems. > do you have any suggestion for handling this case? > > Thanks. > -- Jeff Pang jeffp...@aol.com _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
