On 03/07/13 18:44, Benny Pedersen wrote:
Timo Sirainen skrev den 2013-07-03 03:27:
You're talking about IMAP/POP3 connections? Possible, yeah .. possibly even without code changes by using tcpwrappers.
why is it needed ?
setup fail2ban to manange xtables-addons geoip csv files from abusers, then use this csv file as A0 list in iptables, end result is low memory footprint, it should not be a dovecot solotion
I would not see fail2ban as the only solution. On the mta I use both dnsbl and fail2ban and both help in their own ways to reduce/limit unwanted connections.
I wouldn't consider adding large numbers of rules to iptables but I would consider querying a dnsbl which contained large numbers of ips, since the management of the data is then off the server.
John