IP drop list

Nick Edwards nick.z.edwards at gmail.com
Wed Mar 4 14:30:38 UTC 2015


On 3/4/15, Earl Killian <dovecot at lists.killian.com> wrote:
> On 2015/3/2 10:03, Reindl Harald wrote:
>>
>> that is all nice
>>
>> but the main benefit of RBL's is always ignored:
>>
>> * centralized
>> * no log parsing at all
>> * honeypot data are "delivered" to any host
>> * it's cheap
>> * it's easy to maintain
>> * it doesn't need any root privileges anywhere
>>
>> we have a small honeypot network with a couple of ipranges detecting
>> mass port-scans and so on and this data are available *everywhere*
>>
>> so if some IP hits there it takes 60 seconds and any service
>> supporting DNS blacklists can block them *even before* the bot hits
>> the real mailserver at all
>>
> I would like to reiterate Reindl Harald's point above, since subsequent
> discussion has gotten away from it. If Dovecot had DNS RBL support
> similar to Postfix, I think quite a few people would use it, and thereby
> defeat the scanners far more effectively than any other method. It is
> good that other people are suggesting things that will work today, but
> in terms of what new feature would be the best solution, I can't think
> of one better than a DNS RBL.
>

People argued for this before, like a few argued for postfix-style
failover for mysql database lookups, both are welcome features by Timo
from memory, but only if someone else codes it up, otherwise, it will
probably snow in Dubai before Timo does it, just look at how scarce he
is here, we were getting bugzilla 18 months ago, and as the song goes
"still waiting, still waiting"
:->
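
The DNS blacklist check discussed in this thread, as an added example that is not part of the original messages and is not Dovecot or Postfix code: a service reverses the client address, queries it under the list's zone, and treats an answer in 127.0.0.0/8 as "listed". The zone `dnsbl.example`, the function names and the sample records are constructed assumptions.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # conventional DNSBL answer range

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed address labels followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]          # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A records for name; any lookup failure counts as no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # fails open: a DNS outage must not lock every client out

def is_listed(ip, zone, resolver=system_resolver):
    """True only if the list answers with an address inside 127.0.0.0/8."""
    answers = resolver(dnsbl_query_name(ip, zone))
    # Answers outside 127.0.0.0/8 (e.g. a wildcarding resolver) are ignored.
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

# Constructed sample zone data so the example runs offline.
FAKE_ZONE = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],      # address seen by the honeypot
    "7.100.51.198.dnsbl.example": ["203.0.113.10"],  # bogus wildcard answer
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for client in ("192.0.2.99", "198.51.100.7", "192.0.2.1", "2001:db8::1"):
        verdict = "reject" if is_listed(client, "dnsbl.example", fake_resolver) else "allow"
        print(client, verdict)
```
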

