IP drop list

Dave McGuire mcguire at neurotica.com
Tue Mar 3 11:40:09 UTC 2015


On 03/02/2015 09:41 PM, Joseph Tam wrote:
>>>>> then set up fail2ban to manage extrafields
>>>>
>>>>  Now that's a very interesting idea, thank you!  I will investigate
>>>> this.
>>>
>>> If you don't expect your firewall to handle 45K+ IPs, I'm not sure how you
>>> expect dovecot will handle a comma separated string with 45K+ entries
>>> any better.
>>
>>  My firewall can handle that without breaking a sweat.  I just haven't
>> found a way (that I'm comfortable with) to automatically inject rules
>> into it from a machine on the network.
>>
>>  Doing it via a DNSBL is an elegant solution to the problem, IMO.
> 
> I'm agnostic as far as which method you want to use.  All I'm saying is
> that using dovecot's allow_net facility is as difficult, if not
> more so, than letting your firewall handle it.

  I'm not disagreeing with you.  As I stated above, getting new rules
into my firewall in an automated way is not something I've found a good
way to do yet.  Granted, it has been a couple of years since I've
googled around to see if anyone has been able to do it in a reasonably
secure way.  (Perhaps it's time for me to revisit that.)

                 -Dave

-- 
Dave McGuire, AK4HZ/3
New Kensington, PA

