On 03/04/2015 09:45 PM, Dave McGuire wrote:
On 03/04/2015 03:37 PM, Oliver Welter wrote:
On 04.03.2015 at 21:03, Dave McGuire wrote:
On 04.03.2015 at 20:12, Michael Orlitzky wrote:
Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of effort to code it into every application that listens on the network.
(FWIW, I agree that DNSBL hooks have no business being in kernel space. A standard *userland* DNSBL client communicating with iptables and similar by means of libnetfilter_queue would sound quite promising, however ...)
Would you care to integrate it into IOS on my Cisco as well? [...] so there should be some sort of netfilter available which you can put in front of your listening ports.
There is. But I already have a firewall, running on bulletproof hardware that doesn't depend on spinning disks. I don't want to add ANOTHER firewall when I already have a perfectly good one. Besides, my mail server is built for...serving mail. Not being a firewall.
You're contradicting yourself here. If it's "a perfectly good" firewall, why would you care whether an additional feature (might or) might not get added to it? And if you don't trust those disks to keep spinning, why do you allow them to hold your e-mail?
For what it's worth, the host firewall functionality *already is* in the kernel, and kernel memory gets locked into RAM. Apart from bootup and local logging, firewalling may well just keep running after the HDD died in mid-operation (yes, I've seen (iptables-based) firewalls do that; the customers typically complain that the webUI or CLI turned unresponsive). Good luck getting the co-located dovecot to live up to that level of resilience. :-}
Regards, J. Bern
Jochen Bern, Systems Engineer, LINworks GmbH <http://www.LINworks.de/>
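The userland DNSBL client floated in the thread would need, at its core, a verdict routine like the following; this is an added sketch, not code from any poster or from Dovecot or netfilter. The zone name `dnsbl.example`, the injected resolver, the cache lifetime and the fail-open choice are assumptions, and the libnetfilter_queue binding that would call `verdict()` per packet is left out.

```python
import ipaddress
import time

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_qname(ip, zone):
    """Reversed IPv4 octets or IPv6 nibbles, followed by the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

class DnsblVerdicts:
    """Per-source ACCEPT/DROP decisions, as a queue callback would issue them."""

    def __init__(self, zone, resolve, ttl=300, clock=time.monotonic):
        self.zone, self.resolve, self.ttl, self.clock = zone, resolve, ttl, clock
        self.cache = {}  # source ip -> (expiry, verdict)

    def verdict(self, ip):
        now = self.clock()
        cached = self.cache.get(ip)
        if cached and cached[0] > now:
            return cached[1]          # no DNS round trip for repeat sources
        try:
            answers = self.resolve(dnsbl_qname(ip, self.zone))
        except OSError:
            return "ACCEPT"           # assumed policy: fail open, do not cache
        # Only 127.0.0.0/8 answers mean "listed"; anything else (e.g. a
        # wildcarded or hijacked zone) is ignored. No answers = NXDOMAIN.
        listed = any(ipaddress.ip_address(a) in LISTED_NET for a in answers)
        result = "DROP" if listed else "ACCEPT"
        self.cache[ip] = (now + self.ttl, result)
        return result

# Constructed sample data: a fake zone standing in for a real resolver.
SAMPLE_ZONE = {"99.2.0.192.dnsbl.example": ["127.0.0.2"],
               "7.113.0.203.dnsbl.example": ["198.51.100.10"]}

def sample_resolve(qname):
    if qname.startswith("50."):
        raise OSError("simulated resolver timeout")
    return SAMPLE_ZONE.get(qname, [])

if __name__ == "__main__":
    engine = DnsblVerdicts("dnsbl.example", sample_resolve)
    for src in ("192.0.2.99", "192.0.2.1", "203.0.113.7", "192.0.2.50"):
        print(src, engine.verdict(src))
```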