Hi, > On 22 Jun 2023, at 21:05, André Rodier via Postfix-users > <postfix-users@postfix.org> wrote: > > What are you using on your side ?
I'm running postfix on FreeBSD so I can use blacklistd. A blacklistd hook has been inserted in Postfix source code so treatment is triggered directly from events handled by Postfix. (some info about that, in NetBSD context: https://imil.net/blog/posts/2020/make-postfix-trigger-blacklistd-on-failed-authentication/) Postfix signals blacklistd on failed auth, blacklistd takes a decision according to its configuration. In general when the threshold is reached, the offending IP address (or the /24 if you want) is inserted in a firewall table. sample output: $ sudo blacklistctl dump -b | head -3 address/ma:port id nfail last access 103.4.64.124/32:587 OK 3/3 2023/06/22 04:24:29 115.23.23.103/32:587 OK 3/3 2023/06/22 01:37:53 > - Do you know any service, that I could use, to get the network to ban from > an IP address reputation, something like > crowdsec, for instance ? crowdsec would probably work, but I've only tried it as a source of bad IP to block. I've note tried it as a reporting tool for new bad IP that are not yet in the crowdsourced blacklist. number of IP in the crowdsec provided blocklist on my firewall: $ sudo pfctl -t crowdsec-blacklists -T show|wc -l 17336 cheers patpro _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
