On 3/31/25 3:22 AM, Matus UHLAR - fantomas via Postfix-users wrote:
On 29.03.25 17:41, John Hill via Postfix-users wrote:
In my last gig I ran Exchange, Oracle and various Debian servers. I retired and set up Postfix, bind9 etc to support my hobby domain. It keeps me involved.

I use Fail2Ban, lousy docs, good product. I upgraded from iptables to nftables. I have written a few regex filters passing variables to actions for nftables and Postfix that work rather well. I like MariaDB, not Oracle but, as I said, it keeps me involved.

I update nftables sets dynamically.  I did not like fail2ban reloading Postfix to update the access files.

Just FYI, this can be done with iptables as well, you just need to use ipsets which may need separate ipset command.

With the advice found here, I have changed access lists to lmdb. I had not used postmap on postscreen's cidr files previously. I read doing so would eliminate reloading on updates.

Used Ipsets a lot. Nftables will do the same thing, but not quite as well. It loads updates to memory. I follow it with a rule set dump and write to a set table file for reloads.


Thx

--john

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
