On 03/07/13 18:44, Benny Pedersen wrote: > Timo Sirainen skrev den 2013-07-03 03:27: > >> You're talking about IMAP/POP3 connections? >> Possible, yeah .. possibly even without code changes by using >> tcpwrappers. > > why is it needed ? > > setup fail2ban to manange xtables-addons geoip csv files from abusers, > then use this csv file as A0 list in iptables, end result is low > memory footprint, it should not be a dovecot solotion > I would not see fail2ban as the only solution. On the mta I use both dnsbl and fail2ban and both help in their own ways to reduce/limit unwanted connections.
I wouldn't consider adding large numbers of rules to iptables but I would consider querying a dnsbl which contained large numbers of ips, since the management of the data is then off the server. John