On 14 May 2019, at 13:15, @lbutlr <krem...@kreme.com> wrote: > On 14 May 2019, at 11:41, @lbutlr <krem...@kreme.com> wrote: >> Has anyone implemented geo based restrictions for postfix login connections, >> or is this something that needs to be done in dovecot? > > This seemed to work pretty well > > pfctl -t badguys -T add $(cat block.zone) > > I can then flush and add when the CIDR file is updated. > > block.zone is the combination of several countries from ipdeny.com and some > other bad actors that have been problems in the past.
(still looking for a way to block other IPs from just the specific services, but this list is, on reflection, small enough I can probably manage it manually in hosts.allow.) -- The whole thing that makes a mathematician's life worthwhile is that he gets the grudging admiration of three or four colleagues
