IP drop list
Earl Killian
dovecot at lists.killian.com
Wed Mar 4 04:03:52 UTC 2015
On 2015/3/2 10:03, Reindl Harald wrote:
>
> that is all nice
>
> but the main benefit of RBL's is always ignored:
>
> * centralized
> * no log parsing at all
> * honeypot data are "delivered" to any host
> * it's cheap
> * it's easy to maintain
> * it don't need any root privileges anywhere
>
> we have a small honeypot network with a couple of ipranges detecting
> mass port-scans and so on and this data are available *everywhere*
>
> so if some IP hits there it takes 60 seconds and any service
> supportings DNS blacklists can block them *even before* the bot hits
> the real mailserver at all
>
I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and thereby
defeat the scanners far more effectively than any other method. It is
good that other people are suggesting things that will work today, but
in terms of what new feature would be the best solution, I can't think
of one better than a DNS RBL.
More information about the dovecot
mailing list