Hi all,

Straight to the point: I ban IPs using fail2ban based on 4 jails. The reasons vary from brute-force SASL login attacks from specific IPs to the number of attempts to send suspect/confirmed spam mails. Right now, there is an iptables rule that starts dropping packets for an IP. This is highly undesirable, as sometimes this IP is a NAT server's IP for an org; there are cases where SMTP packets from all clients of that org get dropped and they have no clue whatsoever.

For now, I want to start rejecting connects with a REJECT message that can be different for different IPs. One way I could do this is using the "access" file and adding IPs to it. Unfortunately, it will work for a single server but not for a cluster of outbound servers.

Questions:

1. If I use the "access" file to block IPs, it's a challenge to keep all servers' data in sync. Also, it'll require me to run postmap each and every time the file changes; does that affect postfix performance in any way?

2. I thought of the option of writing a milter using python where I could keep one Redis instance as master & the rest of the outbound servers will have a slave Redis server. Each time a connect happens, I'll check the IP against my local Redis instance and act accordingly. I think it's overkill. What do you guys think?

3. I could also write a policy server. Is there already a policy server that's as simple as blocking IPs based on an ACL? But then, I'll have to run a local mysql server also.

For now, my postfix instance supports these lookup tables.

$ postconf -c /etc/postfix -m
btree
cidr
environ
hash
internal
nis
pcre
pgsql
proxy
regexp
static
tcp
texthash
unix

None of them is a database that's light like Redis and supports master-slave configuration. Can you suggest what are my options?

-- 
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com
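Question 3 asks for a policy server that does nothing more than reject clients from an IP ACL with a per-IP message. The block below is an added example, not code from the original post or from the Postfix project: a minimal Postfix SMTPD policy delegation server in Python. It parses the policy protocol request (newline-separated `name=value` attributes ending in a blank line), matches `client_address` against a small ACL of single addresses and CIDR blocks, and answers `action=REJECT <text>` or `action=DUNNO`. The ACL entries, the reject texts, and the listen port 10040 are constructed for illustration; how the ACL is distributed across the cluster (Redis, a shared file, or anything else) is deliberately left out, so `BLOCKED_CLIENTS` is just an in-memory dict here.

```python
"""Minimal Postfix SMTPD policy server that REJECTs clients from an IP ACL.

Added example; the ACL contents and the listen port are constructed.
"""
import ipaddress
import socketserver

# Constructed ACL: CIDR block or single address -> reject text for that entry.
# Postfix sends "$access_map_reject_code <text>" back to the SMTP client.
BLOCKED_CLIENTS = {
    "203.0.113.0/24": "Too many SASL authentication failures from your network",
    "198.51.100.7": "Outbound spam detected; contact postmaster",
    "2001:db8::/32": "Suspect relay activity from your network",
}


def compile_acl(acl):
    """Parse ACL keys once; the most specific (longest) prefix wins on overlap."""
    entries = [(ipaddress.ip_network(k, strict=False), text) for k, text in acl.items()]
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


ACL = compile_acl(BLOCKED_CLIENTS)


def parse_request(raw):
    """Parse one policy request: 'name=value' lines, terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, acl=None):
    """Return the action for one request: 'DUNNO' (no opinion) or 'REJECT <text>'."""
    acl = ACL if acl is None else acl
    addr = attrs.get("client_address")
    if not addr:
        return "DUNNO"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Malformed address: never fail closed on a parser quirk, let Postfix continue.
        return "DUNNO"
    for net, text in acl:
        if ip.version == net.version and ip in net:
            return "REJECT " + text
    return "DUNNO"


class PolicyHandler(socketserver.StreamRequestHandler):
    """Serve requests until Postfix closes the connection (it may reuse it)."""

    def handle(self):
        while True:
            lines = []
            while True:
                line = self.rfile.readline()
                if not line:          # EOF: Postfix closed the connection
                    return
                line = line.decode("utf-8", "replace").rstrip("\r\n")
                if line == "":        # blank line ends the request
                    break
                lines.append(line)
            attrs = parse_request("\n".join(lines) + "\n")
            action = decide(attrs)
            self.wfile.write(("action=%s\n\n" % action).encode("utf-8"))
            self.wfile.flush()


class PolicyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True


def main():
    # Constructed listen address; on the Postfix side this pairs with
    #   smtpd_client_restrictions = check_policy_service inet:127.0.0.1:10040
    with PolicyServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    main()
```

Postfix talks to it via `check_policy_service inet:127.0.0.1:10040` in `smtpd_client_restrictions`, so the decision happens at connect time before any DATA is accepted, and each entry carries its own reject text. Note also that for the single-server case in question 1 a `cidr:` table (`check_client_access cidr:/etc/postfix/client_access`) is read by Postfix as plain text and needs no `postmap` run, unlike `hash:` or `btree:` tables.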