IP drop list
Robert Schetterer
rs at sys4.de
Mon Mar 2 17:56:18 UTC 2015
On 02.03.2015 at 11:34, Joseph Tam wrote:
> Dave McGuire writes:
>
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>>
>>> then setup fail2ban to manage extrafields
>>
>> Now that's a very interesting idea, thank you! I will investigate this.
>
> If you don't expect your firewall to handle 45K+ IPs, I'm not sure how you
> expect dovecot will handle a comma separated string with 45K+ entries
> any better. If you want to turn your global blacklist into a per-user
> whitelist, that would be perfectly doable though.
>
> Joseph Tam <jtam.home at gmail.com>
Perhaps, and I mean really "perhaps", go this way:
https://sys4.de/de/blog/2014/03/27/fighting-smtp-auth-brute-force-attacks/
https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
45K+ IPs will work in a recent table.
I have them too, but for SMTP only, like
echo 10000000 > /sys/module/xt_recent/parameters/ip_list_tot
Combining with geoip might be a good idea too.
It is ultra faster than fail2ban because no log file parsing is needed.
Or another idea:
you might test configuring a syslog filter that pumps into a recent table the
direct way.
Best Regards
Kind regards, Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
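
Added example, not part of the original message and not sys4's own setup: one way to try the "filter pumping into a recent table" idea with a small shell filter. The list name mailbrute, the threshold of 3, the dovecot-style log line layout and the iptables rule shown in the comment are assumptions.

```shell
#!/bin/sh
# Assumed matching rule (creates the list "mailbrute" when loaded):
#   iptables -I INPUT -p tcp -m multiport --dports 110,143,993,995 \
#     -m recent --name mailbrute --rcheck --seconds 3600 -j DROP
# The per-list entry limit is the xt_recent parameter ip_list_tot.

LIST_FILE="${LIST_FILE:-/proc/net/xt_recent/mailbrute}"   # assumed list name
THRESHOLD="${THRESHOLD:-3}"                               # assumed threshold

# Read log lines on stdin and print each IPv4 source address once, at the
# moment it reaches $THRESHOLD failed-auth lines. Only strict dotted quads
# with octets <= 255 pass, so text injected into a log field never reaches
# the kernel interface.
failed_ips() {
    awk -v min="$THRESHOLD" '
        /auth failed/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^rip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,?$/) {
                    ip = $i; sub(/^rip=/, "", ip); sub(/,$/, "", ip)
                    ok = (split(ip, o, ".") == 4)
                    for (j = 1; j <= 4; j++) if (o[j] > 255) ok = 0
                    if (ok && ++count[ip] == min) print ip
                }
        }'
}

# Add every address read on stdin to the recent list. xt_recent accepts
# "+ADDR" to add an entry ("-ADDR" removes one), one address per write.
feed_recent() {
    while read -r ip; do
        printf '+%s\n' "$ip" >> "$LIST_FILE"
    done
}

# Usage (as root, with the rule above in place):
#   failed_ips < /var/log/mail.log | feed_recent
```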