IP drop list

[Oliver Welter]

Am 04.03.2015 um 21:45 schrieb Dave McGuire:
> On 03/04/2015 03:37 PM, Oliver Welter wrote:
>>>>> I would like to reiterate Reindl Harald's point above, since subsequent
>>>>> discussion has gotten away from it. If Dovecot had DNS RBL support
>>>>> similar to Postfix, I think quite a few people would use it, and
>>>>> thereby
>>>>> defeat the scanners far more effectively than any other method. It is
>>>>> good that other people are suggesting things that will work today, but
>>>>> in terms of what new feature would be the best solution, I can't think
>>>>> of one better than a DNS RBL.
>>>>
>>>> Please add this support to iptables instead of Dovecot. It's a waste of
>>>> effort to code it into every application that listens on the network.
>>>
>>>     <head explodes>
>>>
>>>     Would you care to integrate it into IOS on my Cisco as well?
>>>
>>>     There are things connected to the Internet that aren't PCs running
>>> Linux, you know.  It may be hard to accept, but that's the way it is.
>>>
>> I assume your dovecot runs on some kind of *nix
>
>    Of course.  I run it under Solaris.
>
>> so there should be some
>> sort of netfilter available which you can put in front of your listening
>> ports.
>
>    There is.  But I already have a firewall, running on bulletproof
> hardware that doesn't depend on spinning disks.  I don't want to add
> ANOTHER firewall when I already have a perfectly good one.  Besides, my
> mail server is built for...serving mail.  Not being a firewall.
>
Well, from an academic point of view, a network service that denies 
connection on the ip layer is also an ip firewall.

Oliver


-- 
Protect your environment -  close windows and adopt a penguin!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4074 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150304/69ad03d2/attachment-0001.p7s>