On 14/08/2022 19:51, Matus UHLAR - fantomas wrote:
but which lists? using spamhaus PBL is not viable because it lists dynamic IP address which can be commonly used by clients.
Could you try "permit_dnswl_client dnswl_domain=d.d.d.d", with the Spamhaus PBL and a selective return code? Whitelist what you *DO* want and reject everything else.
http://www.ipdeny.com provide IP blocklists based on country of origin; you could use these to create an ACL, to exclude anyone outside a nominal "service area".
I play with country-based ACLs on my domestic system; some countries have a MUCH harder time gaining access to port 25 than UK/US.
Just an idea... Allen C
