On 8/24/2013 3:52 PM, Stan Hoeppner wrote:
> On 8/24/2013 1:18 PM, LuKreme wrote:
>>
>> On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
>>
>>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>>> ~$ cp us.cidr /etc/postfix
>>> ~$ postfix reload
>
On 8/24/2013 1:18 PM, LuKreme wrote:
>
> On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
>
>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>> ~$ cp us.cidr /etc/postfix
>> ~$ postfix reload
>>
>> and you're off to the races.
>
> Interesting
On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
> ~$ sed 's/$/ OK/g' us.zone > us.cidr
> ~$ cp us.cidr /etc/postfix
> ~$ postfix reload
>
> and you're off to the races.
Interesting idea. I'm in much the same boat. Although I do have
On 08/23/2013 12:47 PM, Mikael Bak wrote:
[snip]
In fact it's not a good idea at all IMO.
People do travel and they need to read and write email while they are
abroad.
Laptop and/or smartphone users will not like your new restriction policy
when they try to get some work done while visiting a pa
On 08/22/2013 01:51 PM, Charles Marcus wrote:
[snip]
>
> The simple fact is, we do not have any users based *anywhere* but the
> US, so, is what is the simplest way to block any/all non-US based client
> connections on my submission port?
>
[snip]
Hi,
Sometimes it seems like a good solution to f
On 8/22/2013 9:57 AM, Stan Hoeppner wrote:
> On 8/22/2013 6:51 AM, Charles Marcus wrote:
>
>> The simple fact is, we do not have any users based *anywhere* but the
>> US, so, is what is the simplest way to block any/all non-US based client
>> connections on my submission port?
>
>
> Use the us.z
On 8/22/2013 6:51 AM, Charles Marcus wrote:
> The simple fact is, we do not have any users based *anywhere* but the
> US, so, is what is the simplest way to block any/all non-US based client
> connections on my submission port?
Use the us.zone ipdeny file to build a CIDR table to accept any US
c
Am 22.08.2013 14:23, schrieb Charles Marcus:
> Now to figure out how to log these firewall rejections to a separate log
> file, so I can see them if/when someone
> complains about not being able to connect
nothing easier than that
* the first rule logs with rate-control to avoid self-DOS
* the
On 2013-08-22 8:03 AM, Simon B wrote:
Surely the simplest solution is fail2ban with the false attempts in x
minutes resulting in a 20 minute ban?
No for two reasons...
1. Again, we have ZERO users who are outside the US, so why allow
connections at all?
and
2. I am not currently seein
On 22 Aug 2013 13:52, "Charles Marcus" wrote:
>
> Hi all,
>
> This isn't about spam, this is about blocking obvious attempts to
hack/connect to my submission port.
>
> I know and understand the argument against just blanket blocking hosts
based on the country of origin, but I've recently been seei
10 matches
Mail list logo
