Re: Block certain remote hosts on submission port

2013-08-24 Thread Noel Jones
On 8/24/2013 3:52 PM, Stan Hoeppner wrote:
> On 8/24/2013 1:18 PM, LuKreme wrote:
>>
>> On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
>>
>>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>>> ~$ cp us.cidr /etc/postfix
>>> ~$ postfix reload
>

Re: Block certain remote hosts on submission port

2013-08-24 Thread Stan Hoeppner
On 8/24/2013 1:18 PM, LuKreme wrote:
>
> On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
>
>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>> ~$ cp us.cidr /etc/postfix
>> ~$ postfix reload
>>
>> and you're off to the races.
>
> Interesting

Re: Block certain remote hosts on submission port

2013-08-24 Thread LuKreme
On 22 Aug 2013, at 21:28 , Stan Hoeppner wrote:
> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
> ~$ sed 's/$/ OK/g' us.zone > us.cidr
> ~$ cp us.cidr /etc/postfix
> ~$ postfix reload
>
> and you're off to the races.
Interesting idea. I'm in much the same boat. Although I do have

Re: Block certain remote hosts on submission port

2013-08-23 Thread Patrick Lists
On 08/23/2013 12:47 PM, Mikael Bak wrote: [snip] In fact it's not a good idea at all IMO. People do travel and they need to read and write email while they are abroad. Laptop and/or smartphone users will not like your new restriction policy when they try to get some work done while visiting a pa

Re: Block certain remote hosts on submission port

2013-08-23 Thread Mikael Bak
On 08/22/2013 01:51 PM, Charles Marcus wrote:
[snip]
>
> The simple fact is, we do not have any users based *anywhere* but the
> US, so, what is the simplest way to block any/all non-US based client
> connections on my submission port?
>
[snip]
Hi,
Sometimes it seems like a good solution to f

Re: Block certain remote hosts on submission port

2013-08-22 Thread Stan Hoeppner
On 8/22/2013 9:57 AM, Stan Hoeppner wrote:
> On 8/22/2013 6:51 AM, Charles Marcus wrote:
>
>> The simple fact is, we do not have any users based *anywhere* but the
>> US, so, what is the simplest way to block any/all non-US based client
>> connections on my submission port?
>
>
> Use the us.z

Re: Block certain remote hosts on submission port

2013-08-22 Thread Stan Hoeppner
On 8/22/2013 6:51 AM, Charles Marcus wrote:
> The simple fact is, we do not have any users based *anywhere* but the
> US, so, what is the simplest way to block any/all non-US based client
> connections on my submission port?
Use the us.zone ipdeny file to build a CIDR table to accept any US c

Re: Block certain remote hosts on submission port

2013-08-22 Thread li...@rhsoft.net
On 22.08.2013 at 14:23, Charles Marcus wrote:
> Now to figure out how to log these firewall rejections to a separate log
> file, so I can see them if/when someone
> complains about not being able to connect
nothing easier than that
* the first rule logs with rate-control to avoid self-DOS
* the

Re: Block certain remote hosts on submission port

2013-08-22 Thread Charles Marcus
On 2013-08-22 8:03 AM, Simon B wrote:
Surely the simplest solution is fail2ban with the false attempts in x minutes resulting in a 20 minute ban?
No for two reasons...
1. Again, we have ZERO users who are outside the US, so why allow connections at all? and
2. I am not currently seein

Re: Block certain remote hosts on submission port

2013-08-22 Thread Simon B
On 22 Aug 2013 13:52, "Charles Marcus" wrote:
>
> Hi all,
>
> This isn't about spam, this is about blocking obvious attempts to hack/connect to my submission port.
>
> I know and understand the argument against just blanket blocking hosts based on the country of origin, but I've recently been seei

Block certain remote hosts on submission port

2013-08-22 Thread Charles Marcus
Hi all, This isn't about spam, this is about blocking obvious attempts to hack/connect to my submission port. I know and understand the argument against just blanket blocking hosts based on the country of origin, but I've recently been seeing random connections on my submission port from hos