IP drop list

Dave McGuire mcguire at neurotica.com
Mon Mar 2 21:50:00 UTC 2015


On 03/02/2015 05:34 AM, Joseph Tam wrote:
>>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>>>
>>> then setup fail2ban to manage extrafields
>>
>>  Now that's a very interesting idea, thank you!  I will investigate this.
> 
> If you don't expect your firewall to handle 45K+ IPs, I'm not sure how you
> expect dovecot will handle a comma separated string with 45K+ entries
> any better.

  My firewall can handle that without breaking a sweat.  I just haven't
found a way (that I'm comfortable with) to automatically inject rules
into it from a machine on the network.

  Doing it via a DNSBL is an elegant solution to the problem, IMO.  It
offloads the IP address indexing to the DNS server; BIND (and most
anything else I'd imagine, but I run BIND) uses a pretty respectable
in-memory btree system which gives fast lookups. (well, at least that's
what it used the last time I looked at its internals)

  I myself just want a mechanism to deny certain IP addresses when I
spot them, regardless of the implementation.  But anything that offloads
my mail servers from anything that doesn't involve serving mail makes me
happy.

                -Dave

-- 
Dave McGuire, AK4HZ/3
New Kensington, PA
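
The DNSBL approach discussed above, as an added example that is not part of the original post: it turns a drop list into zone-file records a DNS server such as BIND could serve, and builds the name a mail server would look up for a connecting client. The zone name `drop.example.org`, the `127.0.0.2` "listed" answer (the common DNSBL convention) and the sample addresses are assumptions.

```python
import ipaddress

ZONE = "drop.example.org"   # hypothetical zone name (assumption)
LISTED = "127.0.0.2"        # conventional "listed" answer for DNSBLs

def dnsbl_label(ip):
    """Reverse IPv4 octets (or IPv6 nibbles) to form the DNSBL owner label."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split(".")))
    return ".".join(reversed(addr.exploded.replace(":", "")))

def query_name(ip, zone=ZONE):
    """Name a mail server would look up to ask 'is this client listed?'."""
    return f"{dnsbl_label(ip)}.{zone}."

def zone_records(entries, reason="local drop list"):
    """Turn drop-list lines into zone-file records; return (records, rejected)."""
    seen, records, rejected = set(), [], []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not text:
            continue
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            rejected.append(text)             # surface typos instead of hiding them
            continue
        if addr in seen:                      # duplicates would bloat the zone
            continue
        seen.add(addr)
        label = dnsbl_label(str(addr))
        records.append(f"{label}\tIN A\t{LISTED}")
        records.append(f'{label}\tIN TXT\t"{reason}"')
    return records, rejected

# Constructed sample drop list (documentation address ranges only).
SAMPLE = ["192.0.2.15", "198.51.100.7  # added by hand", "192.0.2.15",
          "2001:db8::1", "", "203.0.113.999"]

if __name__ == "__main__":
    records, rejected = zone_records(SAMPLE)
    print(f"$ORIGIN {ZONE}.")
    print("\n".join(records))
    print("; rejected:", rejected)
    print("; lookup for 192.0.2.15 ->", query_name("192.0.2.15"))
```

An NXDOMAIN answer for the query name means the address is not listed; any `127.0.0.x` answer means it is.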

