IP drop list

Jochen Bern Jochen.Bern at LINworks.de
Wed Mar 4 23:12:02 UTC 2015


On 03/04/2015 09:45 PM, Dave McGuire wrote:
> On 03/04/2015 03:37 PM, Oliver Welter wrote:
>> On 04.03.2015 at 21:03, Dave McGuire wrote:
>>> On 04.03.2015 at 20:12, Michael Orlitzky wrote:
>>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of
>>>> effort to code it into every application that listens on the network.

(FWIW, I agree that DNSBL hooks have no business being in kernel space.
A standard *userland* DNSBL client communicating with iptables and
similar by means of libnetfilter_queue would sound quite promising,
however ...)

>>>    Would you care to integrate it into IOS on my Cisco as well?
[...]
>> so there should be some
>> sort of netfilter available which you can put in front of your listening
>> ports.
> 
>   There is.  But I already have a firewall, running on bulletproof
> hardware that doesn't depend on spinning disks.  I don't want to add
> ANOTHER firewall when I already have a perfectly good one.  Besides, my
> mail server is built for...serving mail.  Not being a firewall.

You're contradicting yourself here. If it's "a perfectly good" firewall,
why would you care whether an additional feature (might or) might not
get added to it? And if you don't trust those disks to keep spinning,
why do you allow them to hold your e-mail?

For what it's worth, the host firewall functionality *already is* in the
kernel, and kernel memory gets locked into RAM. Apart from bootup and
local logging, firewalling may well just keep running after the HDD died
in mid-operation (yes, I've seen (iptables-based) firewalls do that; the
customers typically complain that the webUI or CLI turned unresponsive).
Good luck getting the co-located dovecot to live up to that level of
resilience. :-}

Regards,
								J. Bern
-- 
*NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, switchboard -0, fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel

