> > Since blacklistd uses PF, you can already use fail2ban or sshguard > <https://www.sshguard.net/> to achieve the same thing you are after. > Given that blacklistd is just an intermediary like fail2ban, is > there a real need for dovecot interfacing with it? > > > Fail2ban and sshguard are log scanners. They are a very inelegant > approach that requires a lot of horsepower to scan logs that are not > designed for scanning, but for human reading. Log formats tend to > change with time thus necessitating updates to the scanners. Blacklistd > places a very short set of code to send a small packet to a socket when > the decision is made to deny access. There is no real delay in the > actual blocking. Scanning large logs in a high traffic environment is > expensive. For a product that is intended for high volume environments > I find it interesting that a log scanning solution would be appropriate.
And how does blacklistd get fed? _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
