On Thu, 2023-06-22 at 15:45 +0100, Allen Coates via Postfix-users wrote: > > > On 22/06/2023 12:58, André Rodier via Postfix-users wrote: > > > > What are you using on your side ? > > > > - Do you know any service, that I could use, to get the network to ban from > > an IP address reputation, something like > > crowdsec, for instance ? > > - Anyone has success with Suricata, Snort, or a tool like this ? > > > > Please, do not suggest third party hosted services, I want to be part of my > > self-hosting solution. > > Just thinking at a tangent... > > Is it possible / practical to develop the concept of a "service area" - to > white-list all the net-blocks where all > your > genuine callers originate, and prohibit everywhere else? > > For myself, I am able to firewall my Submission/IMAP/SSH ports to allow just > the one net-block over the Internet, and > to > use an ACL on PostScreen to disallow certain countries which are "nuisances". > > http://www.ipdeny.com have net-blocks of whole countries. > > Allen C > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org
I will probably end-up using a VPN for submission, and only allow SMTP on public internet. Postfix is configured to not allow authentication on SMTP, only on submission(s) ports. Thanks for your insights.
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
