Re: Block certain remote hosts on submission port

2013-08-24 Thread LuKreme
On 22 Aug 2013, at 21:28 , Stan Hoeppner s...@hardwarefreak.com wrote:
> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
> ~$ sed 's/$/ OK/g' us.zone > us.cidr
> ~$ cp us.cidr /etc/postfix
> ~$ postfix reload
>
> and you're off to the races.

Interesting idea. I'm in much the same boat.

Re: Block certain remote hosts on submission port

2013-08-24 Thread Stan Hoeppner
On 8/24/2013 1:18 PM, LuKreme wrote:
> On 22 Aug 2013, at 21:28 , Stan Hoeppner s...@hardwarefreak.com wrote:
>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>> ~$ cp us.cidr /etc/postfix
>> ~$ postfix reload
>>
>> and you're off to the races.

Re: Block certain remote hosts on submission port

2013-08-24 Thread Noel Jones
On 8/24/2013 3:52 PM, Stan Hoeppner wrote:
> On 8/24/2013 1:18 PM, LuKreme wrote:
>> On 22 Aug 2013, at 21:28 , Stan Hoeppner s...@hardwarefreak.com wrote:
>>> ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone
>>> ~$ sed 's/$/ OK/g' us.zone > us.cidr
>>> ~$ cp us.cidr /etc/postfix
>>> ~$ postfix

Re: Block certain remote hosts on submission port

2013-08-23 Thread Mikael Bak
On 08/22/2013 01:51 PM, Charles Marcus wrote:
[snip]
> The simple fact is, we do not have any users based *anywhere* but the US, so, what is the simplest way to block any/all non-US based client connections on my submission port?
[snip]

Hi,

Sometimes it seems like a good solution to

Re: Block certain remote hosts on submission port

2013-08-23 Thread Patrick Lists
On 08/23/2013 12:47 PM, Mikael Bak wrote: [snip] In fact it's not a good idea at all IMO. People do travel and they need to read and write email while they are abroad. Laptop and/or smartphone users will not like your new restriction policy when they try to get some work done while visiting a

Block certain remote hosts on submission port

2013-08-22 Thread Charles Marcus
Hi all, This isn't about spam, this is about blocking obvious attempts to hack/connect to my submission port. I know and understand the argument against just blanket blocking hosts based on the country of origin, but I've recently been seeing random connections on my submission port from

Re: Block certain remote hosts on submission port

2013-08-22 Thread Simon B
On 22 Aug 2013 13:52, Charles Marcus cmar...@media-brokers.com wrote:
> Hi all,
>
> This isn't about spam, this is about blocking obvious attempts to hack/connect to my submission port. I know and understand the argument against just blanket blocking hosts based on the country of origin, but I've

Re: Block certain remote hosts on submission port

2013-08-22 Thread Charles Marcus
On 2013-08-22 8:03 AM, Simon B simon.buongio...@gmail.com wrote:
> Surely the simplest solution is fail2ban with the false attempts in x minutes resulting in a 20 minute ban?

No for two reasons...

1. Again, we have ZERO users who are outside the US, so why allow connections at all? and

Re: Block certain remote hosts on submission port

2013-08-22 Thread li...@rhsoft.net
On 22.08.2013 at 14:23, Charles Marcus wrote:
> Now to figure out how to log these firewall rejections to a separate log file, so I can see them if/when someone complains about not being able to connect

nothing easier than that

* the first rule logs with rate-control to avoid self-DOS
* the

Re: Block certain remote hosts on submission port

2013-08-22 Thread Stan Hoeppner
On 8/22/2013 6:51 AM, Charles Marcus wrote:
> The simple fact is, we do not have any users based *anywhere* but the US, so, what is the simplest way to block any/all non-US based client connections on my submission port?

Use the us.zone ipdeny file to build a CIDR table to accept any US

Re: Block certain remote hosts on submission port

2013-08-22 Thread Stan Hoeppner
On 8/22/2013 9:57 AM, Stan Hoeppner wrote:
> On 8/22/2013 6:51 AM, Charles Marcus wrote:
>> The simple fact is, we do not have any users based *anywhere* but the US, so, what is the simplest way to block any/all non-US based client connections on my submission port?
>
> Use the us.zone ipdeny