> On Nov 3, 2019, at 12:04 PM, Phil Stracchino <ph...@caerllewys.net> wrote:
> 
> On 2019-11-03 05:24, Allen Coates wrote:
>> 
>> 
>> On 03/11/2019 02:42, Wietse Venema wrote:
>>> John Schmerold:
>>>> What is the best way to protect against dictionary attacks in Postfix?
>>> 
>>> Reportedly, fail2ban (no first-hand experience, because I have no
>>> SASL clients).
>>> 
>>>     Wietse
>>> 
>> 
>> I run a home-brewed fail2ban look-alike; I find it almost as useful as 
>> postscreen.
> 
> I've been thinking about setting up exactly such a thing myself.  Trying
> to figure out how to make fail2ban talk to a Shorewall firewall on a
> different box is just too much of a pain for such a fundamentally simple
> task.  It's like trying to set up a CNC mill when all you actually want
> to do is file 2mm off a strike plate.

Yes.

And recently there was a change that broke old rules (this was for pf, not sure 
about other firewalls), and it was annoying. I also find the memory use kind of 
ludicrous for small/VPS hosts - 150MB for a table of banned IPs? Also it was 
more than happy to start with a good exit code when it failed to manipulate the 
firewall, which kind of scared the bejesus out of me and sent me investigating 
a pile of servers to see if that was happening elsewhere.

I wish there were more alternatives out there, although the maintenance burden 
of dealing with arbitrary logfile changes is probably a pain.

It’s crazy how the open source world has gone from railing against the 
Microsoft monoculture issue to creating their own (unintentionally but still…).

Charles

> 
> 
> -- 
>  Phil Stracchino
>  Babylon Communications
>  ph...@caerllewys.net
>  p...@co.ordinate.org
>  Landline: +1.603.293.8485
>  Mobile:   +1.603.998.6958
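
A minimal sketch of the kind of home-brewed fail2ban look-alike discussed in this thread, added here as an example and not code from any of the posters or from fail2ban: it counts Postfix SASL authentication failures per client address in a sliding window and refuses to report a ban as successful when the firewall command exits non-zero. The thresholds, the `year` parameter, the function names and the `command` argv list are assumptions, and the log lines are constructed.

```python
import re
import subprocess
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs a rejected SASL login as
#   ... postfix/smtpd[PID]: warning: host[IP]: SASL <mech> authentication failed: ...
SASL_FAIL = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s.*postfix/(?:\w+/)?smtpd\[\d+\]: warning: "
    r"\S*\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Nov  3 12:00:01 mail postfix/smtpd[2211]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  3 12:00:04 mail postfix/smtpd[2211]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  3 12:00:05 mail postfix/smtpd[2213]: warning: gw.example[198.51.100.7]: SASL PLAIN authentication failed:
Nov  3 12:00:09 mail postfix/smtpd[2211]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov  3 12:20:00 mail postfix/smtpd[2290]: warning: gw.example[198.51.100.7]: SASL PLAIN authentication failed:
Nov  3 12:40:00 mail postfix/smtpd[2301]: warning: gw.example[198.51.100.7]: SASL PLAIN authentication failed:
Nov  3 12:41:00 mail postfix/smtpd[2302]: connect from unknown[203.0.113.5]
""".splitlines()

def find_offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2019):
    """IPs with max_failures failed logins inside window, in first-ban order."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = SASL_FAIL.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies it (assumption).
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group(2)]
        hits.append(stamp)
        while stamp - hits[0] > window:   # drop failures older than the window
            hits.popleft()
        if len(hits) >= max_failures and m.group(2) not in offenders:
            offenders.append(m.group(2))
    return offenders

def ban(ip, command):
    """Append ip to the firewall command (hypothetical argv list) and fail loudly."""
    done = subprocess.run(command + [ip], capture_output=True, text=True)
    if done.returncode != 0:   # never report success when the firewall refused
        raise RuntimeError(f"ban of {ip} failed, exit {done.returncode}")
    return True
```

`command` stands for whatever argv list adds an address to the block table of the firewall in use; the caller should let the `RuntimeError` stop the service rather than catch and ignore it.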
