On 2024-06-21 at 02:56:44 UTC-0400 (Fri, 21 Jun 2024 08:56:44 +0200)
Dominique Rousseau via mailop <d.rouss...@nnx.com>
is rumored to have said:
> Also, if the same IPs are coming back often, you could look at the
> "recidive" rules, for long term ban, and/or (semi)manually check
> whether IPs are from some common netblocks and add permanent rules
> to block them.

This is a good piece of advice.
On my mail systems I have simple ad hoc tools that identify 'hot'
address ranges for me so that I can choose to block the specifically
problematic ranges either completely (in my case, non-India Asian mobile
carriers and hosters...) or just for authenticated services (reputable
hosters and retail ISPs our users don't use). The nicinfo RubyGem and
the whob tool from the LFT package are both useful for identifying the
specifically relevant CIDR blocks and making judgments on whether you
want to block broadly or narrowly.
One effect I have seen from doing that has been an eventual reduction in
previously unseen attack sources. They are not just bouncing off the
packet filter; some attackers are clearly responding to the feedback of
failed connections by not coming back to me from new IPs.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
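
An added example, not part of the original message and not the poster's own tooling: one way to surface 'hot' address ranges from failed-authentication logs so they can then be checked against registry data (nicinfo, whob) before deciding how broadly to block. The Postfix-style log lines, the /24 grouping and the threshold are assumptions; the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input (documentation address ranges, Postfix-style lines).
SAMPLE_LOG = """\
Jun 21 02:10:01 mx postfix/smtpd[101]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed
Jun 21 02:10:09 mx postfix/smtpd[102]: warning: unknown[198.51.100.19]: SASL LOGIN authentication failed
Jun 21 02:11:30 mx postfix/smtpd[103]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed
Jun 21 02:12:02 mx postfix/smtpd[104]: warning: unknown[198.51.100.200]: SASL LOGIN authentication failed
Jun 21 02:12:40 mx postfix/smtpd[105]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed
Jun 21 02:13:15 mx postfix/smtpd[106]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed
Jun 21 02:14:51 mx postfix/smtpd[107]: warning: unknown[192.0.2.11]: SASL PLAIN authentication failed
Jun 21 02:15:00 mx postfix/smtpd[108]: connect from unknown[198.51.100.99]
"""

# Assumed log shape: "...[a.b.c.d]: SASL <mech> authentication failed"
FAIL_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]: SASL \w+ authentication failed")


def failed_ips(log_text):
    """Return the set of distinct IPv4 sources that failed SASL authentication."""
    ips = set()
    for match in FAIL_RE.finditer(log_text):
        try:
            ips.add(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # bracketed text looked like an IP but is not valid
    return ips


def hot_ranges(ips, prefix_len=24, min_hosts=3):
    """Group sources by enclosing prefix and return (network, distinct_hosts)
    for prefixes with at least min_hosts sources, busiest first."""
    buckets = defaultdict(set)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        buckets[net].add(ip)
    hot = [(net, len(hosts)) for net, hosts in buckets.items()
           if len(hosts) >= min_hosts]
    return sorted(hot, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    # Candidates only: look each one up before writing a permanent rule.
    for net, count in hot_ranges(failed_ips(SAMPLE_LOG)):
        print(f"{net}\t{count} distinct failing sources")
```

Counting distinct hosts per prefix, rather than raw failures, keeps a single noisy address from making its whole /24 look hot.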