On 2015/3/2 10:03, Reindl Harald wrote:

that is all nice

but the main benefit of RBLs is always ignored:

* centralized
* no log parsing at all
* honeypot data are "delivered" to any host
* it's cheap
* it's easy to maintain
* it doesn't need any root privileges anywhere

we have a small honeypot network with a couple of IP ranges detecting mass port-scans and so on and this data is available *everywhere*

so if some IP hits there it takes 60 seconds and any service supporting DNS blacklists can block them *even before* the bot hits the real mailserver at all

I would like to reiterate Reindl Harald's point above, since subsequent discussion has gotten away from it. If Dovecot had DNS RBL support similar to Postfix, I think quite a few people would use it, and thereby defeat the scanners far more effectively than any other method. It is good that other people are suggesting things that will work today, but in terms of what new feature would be the best solution, I can't think of one better than a DNS RBL.
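The lookup a login service would make against a DNS blacklist before accepting a connection, as an added example that is not part of the original thread and is not Dovecot or Postfix code. The zone name `dnsbl.example.org`, the `TRUSTED_NETS` list and the sample zone data are assumptions constructed for illustration.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.example.org"  # hypothetical zone name (assumption)
# Assumption: clients on these networks are never looked up.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

def _normalize(client_ip):
    """Parse the address; dual-stack listeners report IPv4 as ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Name to resolve (RFC 5782 layout): reversed octets for IPv4,
    reversed nibbles for IPv6, followed by the zone."""
    ip = _normalize(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listed(client_ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """True only if the zone answers with an A record in 127.0.0.0/8."""
    ip = _normalize(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return False
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(str(ip), zone)))
    except (OSError, ValueError):
        # NXDOMAIN means "not listed". Timeouts also land here, so a DNS
        # outage fails open instead of locking every user out.
        return False
    # An answer outside 127.0.0.0/8 is not a listing (for example a
    # resolver that rewrites NXDOMAIN to a search page), so ignore it.
    return answer.version == 4 and answer.is_loopback

# Constructed sample zone data so the example runs offline.
SAMPLE_ZONE = {"10.2.0.192.dnsbl.example.org": "127.0.0.2",
               "7.113.0.203.dnsbl.example.org": "198.51.100.1"}

def sample_resolve(name):
    """Stand-in resolver backed by SAMPLE_ZONE (constructed data)."""
    if name not in SAMPLE_ZONE:
        raise socket.gaierror("NXDOMAIN")
    return SAMPLE_ZONE[name]

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "203.0.113.7", "::ffff:192.0.2.10"):
        print(addr, is_listed(addr, resolve=sample_resolve))
```

The check needs no log parsing and no privileges on the host, only a DNS query per new client address.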
