On 2015/3/2 10:03, Reindl Harald wrote:
> that is all nice
> but the main benefit of RBLs is always ignored:
>
> * centralized
> * no log parsing at all
> * honeypot data are "delivered" to any host
> * it's cheap
> * it's easy to maintain
> * it doesn't need any root privileges anywhere
>
> we have a small honeypot network with a couple of IP ranges detecting
> mass port-scans and so on and this data are available *everywhere*
>
> so if some IP hits there it takes 60 seconds and any service
> supporting DNS blacklists can block them *even before* the bot hits
> the real mailserver at all

I would like to reiterate Reindl Harald's point above, since subsequent
discussion has gotten away from it. If Dovecot had DNS RBL support
similar to Postfix, I think quite a few people would use it, and thereby
defeat the scanners far more effectively than any other method. It is
good that other people are suggesting things that will work today, but
in terms of what new feature would be the best solution, I can't think
of one better than a DNS RBL.
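
The lookup a login service would make against a DNS blacklist before accepting authentication, as an added example that is not part of the original thread and is not Dovecot or Postfix code. The zone name `dnsbl.example.org`, the sample records and the choice to fail open on resolver errors are assumptions.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # hypothetical zone, stands in for your own DNSBL
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN; raises on timeout or SERVFAIL."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise
    return sorted({info[4][0] for info in infos})

def check_client(ip, resolver=system_resolver, zone=ZONE):
    """Return 'listed', 'clean' or 'unknown' for a connecting client IP."""
    try:
        answers = resolver(dnsbl_query_name(ip, zone))
    except OSError:
        # Assumption: fail open, so a DNS outage does not lock out real users.
        return "unknown"
    # Only answers inside 127.0.0.0/8 count as a listing; a parked or
    # hijacked zone that returns a public address must not block anyone.
    hit = any(ipaddress.ip_address(a) in LISTED_NET for a in answers)
    return "listed" if hit else "clean"

# Constructed sample zone data, using documentation addresses only.
SAMPLE_ZONE = {
    "10.113.0.203.dnsbl.example.org": ["127.0.0.2"],   # honeypot hit
    "7.2.0.192.dnsbl.example.org": ["198.51.100.1"],   # non-loopback answer
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

def failing_resolver(name):
    raise OSError("resolver timeout (constructed)")
```

Pass `sample_resolver` to run it offline; the default `system_resolver` queries whatever DNS the host is configured with, with no log parsing and no root privileges involved.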