IP drop list

Reindl Harald h.reindl at thelounge.net
Tue Mar 3 21:43:24 UTC 2015


On 03.03.2015 at 22:31, Oliver Welter wrote:
> I did a quick hack for exactly this purpose - send offending IPs from my
> mail server to the firewall "in a secure way". It's a Python script that
> uses the fail2ban syntax on the one end and feeds a (patched) pfSense on
> the other end. You can find the scripts on github:
> https://github.com/oliwel/fail2sense - be warned, it's a first draft -
> but it does the job here... For the unblock feature you need this patch
> against pfSense https://github.com/pfsense/pfsense/pull/1444/

the problem is the "in a secure way"

that's not really possible when you mangle firewall rules, which implies
root permissions - as an RBL request is just a DNS request which doesn't need
*any* permissions on the machine which does the request

the other problem is that mangling firewall rules in the context of existing
infrastructures is error prone - you may interfere with existing rulesets -
it's a bad idea to start with
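
The contrast drawn in the reply above, an RBL check being an ordinary DNS lookup that any unprivileged process can make, shown as an added example (not part of the original thread and not code from fail2sense). The zone `dnsbl.example`, the function names and the sample answers are constructed assumptions; the injected resolver keeps the demo offline.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves: reversed address + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles, reversed
    return ".".join(labels) + "." + zone.strip(".")

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer). Needs no root and touches no firewall state."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        # No A record means "not listed". A resolver outage lands here too,
        # so this check fails open by design.
        return False, None
    # Real listings answer inside 127.0.0.0/8. Any other address usually means
    # a wildcarding or hijacking resolver and must not count as a listing.
    if ipaddress.ip_address(answer) in LISTING_NET:
        return True, answer
    return False, answer

# Constructed sample data standing in for a DNSBL zone (hypothetical zone name).
CONSTRUCTED_ZONE = {
    "2.0.0.127.dnsbl.example": "127.0.0.2",     # conventional test entry
    "10.2.0.192.dnsbl.example": "127.0.0.4",    # constructed listing
    "7.113.0.203.dnsbl.example": "198.51.100.1" # constructed bogus wildcard answer
}

def constructed_resolver(name):
    """Offline stand-in for socket.gethostbyname using CONSTRUCTED_ZONE."""
    try:
        return CONSTRUCTED_ZONE[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "203.0.113.7", "198.51.100.25"):
        print(ip, is_listed(ip, "dnsbl.example", resolve=constructed_resolver))
```

Dropping the `resolve=` argument makes the same call go through the system resolver, still as an ordinary user.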
