IP drop list

[@lbutlr]

On 02 Mar 2015, at 16:34 , Benny Pedersen <me at junc.eu> wrote:
> On March 2, 2015 8:32:35 PM Robert Schetterer <rs at sys4.de> wrote:
> 
>> the most problem may nat and false positves, with firewall or deny ip
>> stuff you may ban wanted users too, so this should be only used in heavy
>> cases, so there is no ultimate solution which fits every case on every setup
> 
> yep pop-before-smtp was simple once, here i just allow in country users with xtables geoip, out of country is vacation users with no life :)

You must have a small user base if you can block users who are out of the country. Even with my very small server I’ve had legitimate users connect from at least a dozen countries in the last year. Not everyone who travels abroad is doing it for vacation. I have one user who is often in the far east or India and another who is often in numerous African countries, all for business.

The proper thing to do is to setup authentication on port 587 and only use that for submitting mail (that is, do not allow submission on port 25 at all) and then use something like sshguard or fail2ban to blacklist repeated unauthorized connections.

I simply block ssh access at all unless it is from inside the LAN or from one specific IP address, so to get to my servers I have to ssh to ServerA which is the only server allowed external access to ssh on my mail web and DNS servers.

-- 
I intend to live forever -- so far, so good!