On 22 Aug 2013 13:52, "Charles Marcus" <cmar...@media-brokers.com> wrote: > > Hi all, > > This isn't about spam, this is about blocking obvious attempts to hack/connect to my submission port. > > I know and understand the argument against just blanket blocking hosts based on the country of origin, but I've recently been seeing random connections on my submission port from hosts @ .ru and .cn domains. > > The simple fact is, we do not have any users based *anywhere* but the US, so, is what is the simplest way to block any/all non-US based client connections on my submission port? > > I'd also like to be able to whitelist certain domains, in the rare case where someone might be on vacation abroad, and when they call me complaining that they cannot send email, I can see the country they are in my reject logs and whitelist that country temporarily.
Surely the simplest solution is fail2ban with the false attempts in x minutes resulting in a 20 minute ban? This works for me... Otherwise you'd get more flexibility at the firewall level for geoip ranges.. Simon
