1 Sep
2013
1 Sep
'13
10:59 p.m.
On 9/1/2013 10:00 AM, Charles Marcus wrote:
On 2013-08-30 7:55 PM, Joseph Tam jtam.home@gmail.com wrote:
Michael Smith writes:
We're already running fail2ban, but it doesn't seem that effective against botnets, when they only do one attempt per IP.
Yeah, distributed BFDs are tough to block unless you can characterize the clients well.
Wonder if there's a way to leverage Stan Hoeppner's most excellent botnet killer to reject AUTHs from the same types of clients before they even try?
Stan?
The objective of Stan's list is to reject dynamic hosts, because the overwhelming majority of dynamic hosts trying to send via SMTP are zombies.
For dovecot, the situation is quite different. Blocking all dynamic IPs would be an obvious mistake.
-- Noel Jones